diff --git a/Frameworks/OpenSSL.xcframework/Info.plist b/Frameworks/OpenSSL.xcframework/Info.plist
index 63bf4769..b76ed69d 100644
--- a/Frameworks/OpenSSL.xcframework/Info.plist
+++ b/Frameworks/OpenSSL.xcframework/Info.plist
@@ -8,31 +8,32 @@
 			<key>BinaryPath</key>
 			<string>OpenSSL.framework/OpenSSL</string>
 			<key>LibraryIdentifier</key>
-			<string>watchos-arm64_arm64_32_armv7k</string>
+			<string>xros-arm64</string>
 			<key>LibraryPath</key>
 			<string>OpenSSL.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
-				<string>arm64_32</string>
-				<string>armv7k</string>
 			</array>
 			<key>SupportedPlatform</key>
-			<string>watchos</string>
+			<string>xros</string>
 		</dict>
 		<dict>
 			<key>BinaryPath</key>
-			<string>OpenSSL.framework/OpenSSL</string>
+			<string>OpenSSL.framework/Versions/A/OpenSSL</string>
 			<key>LibraryIdentifier</key>
-			<string>xros-arm64</string>
+			<string>ios-arm64_x86_64-maccatalyst</string>
 			<key>LibraryPath</key>
 			<string>OpenSSL.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
+				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
-			<string>xros</string>
+			<string>ios</string>
+			<key>SupportedPlatformVariant</key>
+			<string>maccatalyst</string>
 		</dict>
 		<dict>
 			<key>BinaryPath</key>
@@ -52,7 +53,7 @@
 			<key>BinaryPath</key>
 			<string>OpenSSL.framework/OpenSSL</string>
 			<key>LibraryIdentifier</key>
-			<string>xros-arm64_x86_64-simulator</string>
+			<string>watchos-arm64_x86_64-simulator</string>
 			<key>LibraryPath</key>
 			<string>OpenSSL.framework</string>
 			<key>SupportedArchitectures</key>
@@ -61,7 +62,7 @@
 				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
-			<string>xros</string>
+			<string>watchos</string>
 			<key>SupportedPlatformVariant</key>
 			<string>simulator</string>
 		</dict>
@@ -86,7 +87,7 @@
 			<key>BinaryPath</key>
 			<string>OpenSSL.framework/OpenSSL</string>
 			<key>LibraryIdentifier</key>
-			<string>ios-arm64_x86_64-simulator</string>
+			<string>xros-arm64_x86_64-simulator</string>
 			<key>LibraryPath</key>
 			<string>OpenSSL.framework</string>
 			<key>SupportedArchitectures</key>
@@ -95,7 +96,7 @@
 				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
-			<string>ios</string>
+			<string>xros</string>
 			<key>SupportedPlatformVariant</key>
 			<string>simulator</string>
 		</dict>
@@ -103,39 +104,37 @@
 			<key>BinaryPath</key>
 			<string>OpenSSL.framework/OpenSSL</string>
 			<key>LibraryIdentifier</key>
-			<string>watchos-arm64_x86_64-simulator</string>
+			<string>watchos-arm64_arm64_32_armv7k</string>
 			<key>LibraryPath</key>
 			<string>OpenSSL.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
-				<string>x86_64</string>
+				<string>arm64_32</string>
+				<string>armv7k</string>
 			</array>
 			<key>SupportedPlatform</key>
 			<string>watchos</string>
-			<key>SupportedPlatformVariant</key>
-			<string>simulator</string>
 		</dict>
 		<dict>
 			<key>BinaryPath</key>
-			<string>OpenSSL.framework/Versions/A/OpenSSL</string>
+			<string>OpenSSL.framework/OpenSSL</string>
 			<key>LibraryIdentifier</key>
-			<string>macos-arm64_x86_64</string>
+			<string>ios-arm64</string>
 			<key>LibraryPath</key>
 			<string>OpenSSL.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
-				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
-			<string>macos</string>
+			<string>ios</string>
 		</dict>
 		<dict>
 			<key>BinaryPath</key>
 			<string>OpenSSL.framework/Versions/A/OpenSSL</string>
 			<key>LibraryIdentifier</key>
-			<string>ios-arm64_x86_64-maccatalyst</string>
+			<string>macos-arm64_x86_64</string>
 			<key>LibraryPath</key>
 			<string>OpenSSL.framework</string>
 			<key>SupportedArchitectures</key>
@@ -144,23 +143,24 @@
 				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
-			<string>ios</string>
-			<key>SupportedPlatformVariant</key>
-			<string>maccatalyst</string>
+			<string>macos</string>
 		</dict>
 		<dict>
 			<key>BinaryPath</key>
 			<string>OpenSSL.framework/OpenSSL</string>
 			<key>LibraryIdentifier</key>
-			<string>ios-arm64</string>
+			<string>ios-arm64_x86_64-simulator</string>
 			<key>LibraryPath</key>
 			<string>OpenSSL.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
+				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
 			<string>ios</string>
+			<key>SupportedPlatformVariant</key>
+			<string>simulator</string>
 		</dict>
 	</array>
 	<key>CFBundlePackageType</key>
diff --git a/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeDirectory b/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeDirectory
index f41e341f..2e223e3b 100644
Binary files a/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeDirectory and b/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeDirectory differ
diff --git a/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeRequirements-1 b/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeRequirements-1
index de39153c..8b80b247 100644
Binary files a/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeRequirements-1 and b/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeRequirements-1 differ
diff --git a/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeResources
index 6a30ebff..468a3ade 100644
--- a/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/OpenSSL.h</key>
 		<data>
-		mHUne0OK2xRHc4qeSSyRhXvJGpU=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/configuration.h</key>
 		<data>
-		+F2jiEDb2+x9S5t4KDebzaDtLpY=
+		ia9Lq9Ma5Kl0sdwkNFmHsS3OUkU=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>ios-arm64/OpenSSL.framework/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>ios-arm64/OpenSSL.framework/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>ios-arm64/OpenSSL.framework/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>ios-arm64/OpenSSL.framework/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Info.plist</key>
 		<data>
-		p8pGcPfYkvwcSjn6YFMGuc6tJ8Q=
+		QrYuUiaf0eAsvjMGE/3sfZCnj4w=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/Modules/module.modulemap</key>
 		<data>
@@ -558,7 +574,7 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/OpenSSL</key>
 		<data>
-		ppCq5C88xtvkU2CDACx36kXXnVo=
+		7JonS9XM9veasPdXQEhq+nihrRY=
 		</data>
 		<key>ios-arm64/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -566,11 +582,11 @@
 		</data>
 		<key>ios-arm64/OpenSSL.framework/_CodeSignature/CodeResources</key>
 		<data>
-		746iBFjmKPWtAN5UCFjk059kcNM=
+		fC3oucFnqWZPqNAJ10CQhnPJk8Y=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/OpenSSL.h</key>
 		<data>
-		yQ/UmV4eSHkkDZlFCuXnVKCz0tw=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/aes.h</key>
 		<data>
@@ -578,7 +594,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/asn1err.h</key>
 		<data>
@@ -590,7 +606,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/asyncerr.h</key>
 		<data>
@@ -598,11 +614,11 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/blowfish.h</key>
 		<data>
@@ -610,7 +626,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bnerr.h</key>
 		<data>
@@ -638,7 +654,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmp_util.h</key>
 		<data>
@@ -646,27 +662,27 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conf_api.h</key>
 		<data>
@@ -678,7 +694,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/configuration.h</key>
 		<data>
-		yKcrJg/N+yC02bZRUkC+0bBZR98=
+		lScZfdfcK3XXRdUgxXzIzzZ9CoM=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conftypes.h</key>
 		<data>
@@ -686,15 +702,15 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_object.h</key>
 		<data>
@@ -702,7 +718,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crmferr.h</key>
 		<data>
@@ -710,7 +726,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cryptoerr.h</key>
 		<data>
@@ -722,7 +738,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cterr.h</key>
 		<data>
@@ -746,11 +762,11 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dsaerr.h</key>
 		<data>
@@ -762,7 +778,11 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ebcdic.h</key>
 		<data>
@@ -770,7 +790,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ecdh.h</key>
 		<data>
@@ -802,7 +822,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ess.h</key>
 		<data>
@@ -814,11 +834,11 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/fips_names.h</key>
 		<data>
@@ -832,9 +852,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/httperr.h</key>
 		<data>
@@ -854,11 +878,11 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/md2.h</key>
 		<data>
@@ -882,7 +906,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/objects.h</key>
 		<data>
@@ -906,7 +930,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ossl_typ.h</key>
 		<data>
@@ -922,7 +946,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pem2.h</key>
 		<data>
@@ -934,15 +958,15 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs7err.h</key>
 		<data>
@@ -950,19 +974,23 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/randerr.h</key>
 		<data>
@@ -986,7 +1014,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rsaerr.h</key>
 		<data>
@@ -1006,7 +1034,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/shim.h</key>
 		<data>
@@ -1018,11 +1046,11 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl2.h</key>
 		<data>
@@ -1030,11 +1058,11 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sslerr_legacy.h</key>
 		<data>
@@ -1046,7 +1074,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/storeerr.h</key>
 		<data>
@@ -1056,17 +1084,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/tserr.h</key>
 		<data>
@@ -1078,7 +1110,7 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ui.h</key>
 		<data>
@@ -1094,23 +1126,23 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Modules/module.modulemap</key>
 		<data>
@@ -1118,11 +1150,11 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/OpenSSL</key>
 		<data>
-		fLRat1H8sWPVJbjufnRyb6H76PI=
+		OtyS1Dz6HLbi3iD9en5zLUCY1Cs=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Resources/Info.plist</key>
 		<data>
-		OJvQ7pX3wlgZRJKyNUDPz1Nh/6c=
+		locKjucac2EJ89FRFaQ2fAquWYc=
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Resources/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -1130,11 +1162,11 @@
 		</data>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources</key>
 		<data>
-		K/EvKivFw7A4z4e4u7Ewejfo+UQ=
+		hrSqgBpvYsXxI967h50+QSo7A7w=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h</key>
 		<data>
-		fK1QdcAv69VIFSZCMl9bAZN5138=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/aes.h</key>
 		<data>
@@ -1142,7 +1174,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1err.h</key>
 		<data>
@@ -1154,7 +1186,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/asyncerr.h</key>
 		<data>
@@ -1162,11 +1194,11 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/blowfish.h</key>
 		<data>
@@ -1174,7 +1206,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bnerr.h</key>
 		<data>
@@ -1202,7 +1234,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp_util.h</key>
 		<data>
@@ -1210,27 +1242,27 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf_api.h</key>
 		<data>
@@ -1242,7 +1274,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h</key>
 		<data>
-		+F2jiEDb2+x9S5t4KDebzaDtLpY=
+		ia9Lq9Ma5Kl0sdwkNFmHsS3OUkU=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conftypes.h</key>
 		<data>
@@ -1250,15 +1282,15 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_object.h</key>
 		<data>
@@ -1266,7 +1298,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmferr.h</key>
 		<data>
@@ -1274,7 +1306,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cryptoerr.h</key>
 		<data>
@@ -1286,7 +1318,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cterr.h</key>
 		<data>
@@ -1310,11 +1342,11 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsaerr.h</key>
 		<data>
@@ -1326,7 +1358,11 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ebcdic.h</key>
 		<data>
@@ -1334,7 +1370,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ecdh.h</key>
 		<data>
@@ -1366,7 +1402,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ess.h</key>
 		<data>
@@ -1378,11 +1414,11 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/fips_names.h</key>
 		<data>
@@ -1396,9 +1432,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/httperr.h</key>
 		<data>
@@ -1418,11 +1458,11 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/md2.h</key>
 		<data>
@@ -1446,7 +1486,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/objects.h</key>
 		<data>
@@ -1470,7 +1510,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ossl_typ.h</key>
 		<data>
@@ -1486,7 +1526,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem2.h</key>
 		<data>
@@ -1498,15 +1538,15 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7err.h</key>
 		<data>
@@ -1514,19 +1554,23 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/randerr.h</key>
 		<data>
@@ -1550,7 +1594,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsaerr.h</key>
 		<data>
@@ -1570,7 +1614,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/shim.h</key>
 		<data>
@@ -1582,11 +1626,11 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl2.h</key>
 		<data>
@@ -1594,11 +1638,11 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr_legacy.h</key>
 		<data>
@@ -1610,7 +1654,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/storeerr.h</key>
 		<data>
@@ -1620,17 +1664,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/tserr.h</key>
 		<data>
@@ -1642,7 +1690,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ui.h</key>
 		<data>
@@ -1658,27 +1706,27 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Info.plist</key>
 		<data>
-		0m8oytXurvYln9OPfsAnw+9bPyc=
+		Wx0Sw4H53tuW3NqecVlInMDXno4=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap</key>
 		<data>
@@ -1686,7 +1734,7 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL</key>
 		<data>
-		ifxd21P+xNRtFnuIcwsRk4Ui+xI=
+		q9iM5x2mXn+A54mbHgXuLArAnGg=
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -1694,11 +1742,11 @@
 		</data>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources</key>
 		<data>
-		zYFgTH51DNezs/BjgVnluy4an14=
+		eWd3qtmct8/l+Kb1qHnrNDRxnxc=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/OpenSSL.h</key>
 		<data>
-		fK1QdcAv69VIFSZCMl9bAZN5138=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/aes.h</key>
 		<data>
@@ -1706,7 +1754,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/asn1err.h</key>
 		<data>
@@ -1718,7 +1766,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/asyncerr.h</key>
 		<data>
@@ -1726,11 +1774,11 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/blowfish.h</key>
 		<data>
@@ -1738,7 +1786,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bnerr.h</key>
 		<data>
@@ -1766,7 +1814,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmp_util.h</key>
 		<data>
@@ -1774,27 +1822,27 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conf_api.h</key>
 		<data>
@@ -1806,7 +1854,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/configuration.h</key>
 		<data>
-		yKcrJg/N+yC02bZRUkC+0bBZR98=
+		lScZfdfcK3XXRdUgxXzIzzZ9CoM=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conftypes.h</key>
 		<data>
@@ -1814,15 +1862,15 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_object.h</key>
 		<data>
@@ -1830,7 +1878,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crmferr.h</key>
 		<data>
@@ -1838,7 +1886,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cryptoerr.h</key>
 		<data>
@@ -1850,7 +1898,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cterr.h</key>
 		<data>
@@ -1874,11 +1922,11 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dsaerr.h</key>
 		<data>
@@ -1890,7 +1938,11 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ebcdic.h</key>
 		<data>
@@ -1898,7 +1950,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ecdh.h</key>
 		<data>
@@ -1930,7 +1982,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ess.h</key>
 		<data>
@@ -1942,11 +1994,11 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/fips_names.h</key>
 		<data>
@@ -1960,9 +2012,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/httperr.h</key>
 		<data>
@@ -1982,11 +2038,11 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/md2.h</key>
 		<data>
@@ -2010,7 +2066,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/objects.h</key>
 		<data>
@@ -2034,7 +2090,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ossl_typ.h</key>
 		<data>
@@ -2050,7 +2106,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pem2.h</key>
 		<data>
@@ -2062,15 +2118,15 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs7err.h</key>
 		<data>
@@ -2078,19 +2134,23 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/randerr.h</key>
 		<data>
@@ -2114,7 +2174,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rsaerr.h</key>
 		<data>
@@ -2134,7 +2194,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/shim.h</key>
 		<data>
@@ -2146,11 +2206,11 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl2.h</key>
 		<data>
@@ -2158,11 +2218,11 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sslerr_legacy.h</key>
 		<data>
@@ -2174,7 +2234,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/storeerr.h</key>
 		<data>
@@ -2184,17 +2244,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/tserr.h</key>
 		<data>
@@ -2206,7 +2270,7 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ui.h</key>
 		<data>
@@ -2222,23 +2286,23 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Modules/module.modulemap</key>
 		<data>
@@ -2246,11 +2310,11 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/OpenSSL</key>
 		<data>
-		XDPuT61S5QKqbrooIKyS7H8LmAI=
+		PDry7lDe12unud2VEVBYjXHZJ+8=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Resources/Info.plist</key>
 		<data>
-		dXJ6Wg6vzE61Loe5kgfN6ogyAJc=
+		ygSh/JNcojZ+defoLJ/ubUODJLc=
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Resources/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -2258,11 +2322,11 @@
 		</data>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources</key>
 		<data>
-		MqitY7Le8067w/DcMRY1KkllxcM=
+		z61dC00PwhxwyWfylvAv7YprDZU=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/OpenSSL.h</key>
 		<data>
-		vc1jSl1OkdYUvhhMMZYtn89+rt4=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/aes.h</key>
 		<data>
@@ -2270,7 +2334,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/asn1err.h</key>
 		<data>
@@ -2282,7 +2346,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/asyncerr.h</key>
 		<data>
@@ -2290,11 +2354,11 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/blowfish.h</key>
 		<data>
@@ -2302,7 +2366,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/bnerr.h</key>
 		<data>
@@ -2330,7 +2394,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cmp_util.h</key>
 		<data>
@@ -2338,27 +2402,27 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/conf_api.h</key>
 		<data>
@@ -2370,7 +2434,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/configuration.h</key>
 		<data>
-		1Ocg2HkmksHWEL7ue/UNifUsa0g=
+		31BE8LwRUj29KzYtu8s7CYNvvoY=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/conftypes.h</key>
 		<data>
@@ -2378,15 +2442,15 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/core_object.h</key>
 		<data>
@@ -2394,7 +2458,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/crmferr.h</key>
 		<data>
@@ -2402,7 +2466,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cryptoerr.h</key>
 		<data>
@@ -2414,7 +2478,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cterr.h</key>
 		<data>
@@ -2438,11 +2502,11 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/dsaerr.h</key>
 		<data>
@@ -2454,7 +2518,11 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>tvos-arm64/OpenSSL.framework/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ebcdic.h</key>
 		<data>
@@ -2462,7 +2530,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ecdh.h</key>
 		<data>
@@ -2494,7 +2562,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ess.h</key>
 		<data>
@@ -2506,11 +2574,11 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/fips_names.h</key>
 		<data>
@@ -2524,9 +2592,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>tvos-arm64/OpenSSL.framework/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/httperr.h</key>
 		<data>
@@ -2546,11 +2618,11 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/md2.h</key>
 		<data>
@@ -2574,7 +2646,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/objects.h</key>
 		<data>
@@ -2598,7 +2670,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ossl_typ.h</key>
 		<data>
@@ -2614,7 +2686,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pem2.h</key>
 		<data>
@@ -2626,15 +2698,15 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pkcs7err.h</key>
 		<data>
@@ -2642,19 +2714,23 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>tvos-arm64/OpenSSL.framework/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/randerr.h</key>
 		<data>
@@ -2678,7 +2754,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/rsaerr.h</key>
 		<data>
@@ -2698,7 +2774,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/shim.h</key>
 		<data>
@@ -2710,11 +2786,11 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ssl2.h</key>
 		<data>
@@ -2722,11 +2798,11 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/sslerr_legacy.h</key>
 		<data>
@@ -2738,7 +2814,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/storeerr.h</key>
 		<data>
@@ -2748,17 +2824,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>tvos-arm64/OpenSSL.framework/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/tserr.h</key>
 		<data>
@@ -2770,7 +2850,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ui.h</key>
 		<data>
@@ -2786,27 +2866,27 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Info.plist</key>
 		<data>
-		oZXhDOU/3AFMLSF66La/lrevBPU=
+		+KCnD2Ok5EzpN+IJyljnRpZaVNw=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/Modules/module.modulemap</key>
 		<data>
@@ -2814,7 +2894,7 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/OpenSSL</key>
 		<data>
-		BCCkAV7i/apX88lanTiFUHY+mYA=
+		vafs0Gdc3tkRfJuQ4JjeyCrW/tE=
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -2822,11 +2902,11 @@
 		</data>
 		<key>tvos-arm64/OpenSSL.framework/_CodeSignature/CodeResources</key>
 		<data>
-		Rnzg0hM6XX7PUdy1zYOLPo+t6nE=
+		C8CXTyLi7JpI0jtr+EYLYsNzc58=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h</key>
 		<data>
-		r0aBnOwrMBAaT5qwutVA9mzGMlQ=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/aes.h</key>
 		<data>
@@ -2834,7 +2914,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1err.h</key>
 		<data>
@@ -2846,7 +2926,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asyncerr.h</key>
 		<data>
@@ -2854,11 +2934,11 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/blowfish.h</key>
 		<data>
@@ -2866,7 +2946,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bnerr.h</key>
 		<data>
@@ -2894,7 +2974,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp_util.h</key>
 		<data>
@@ -2902,27 +2982,27 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf_api.h</key>
 		<data>
@@ -2934,7 +3014,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h</key>
 		<data>
-		1Ocg2HkmksHWEL7ue/UNifUsa0g=
+		31BE8LwRUj29KzYtu8s7CYNvvoY=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conftypes.h</key>
 		<data>
@@ -2942,15 +3022,15 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_object.h</key>
 		<data>
@@ -2958,7 +3038,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmferr.h</key>
 		<data>
@@ -2966,7 +3046,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cryptoerr.h</key>
 		<data>
@@ -2978,7 +3058,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cterr.h</key>
 		<data>
@@ -3002,11 +3082,11 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsaerr.h</key>
 		<data>
@@ -3018,7 +3098,11 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ebcdic.h</key>
 		<data>
@@ -3026,7 +3110,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ecdh.h</key>
 		<data>
@@ -3058,7 +3142,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ess.h</key>
 		<data>
@@ -3070,11 +3154,11 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/fips_names.h</key>
 		<data>
@@ -3088,9 +3172,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/httperr.h</key>
 		<data>
@@ -3110,11 +3198,11 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/md2.h</key>
 		<data>
@@ -3138,7 +3226,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/objects.h</key>
 		<data>
@@ -3162,7 +3250,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ossl_typ.h</key>
 		<data>
@@ -3178,7 +3266,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem2.h</key>
 		<data>
@@ -3190,15 +3278,15 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7err.h</key>
 		<data>
@@ -3206,19 +3294,23 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/randerr.h</key>
 		<data>
@@ -3242,7 +3334,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsaerr.h</key>
 		<data>
@@ -3262,7 +3354,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/shim.h</key>
 		<data>
@@ -3274,11 +3366,11 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl2.h</key>
 		<data>
@@ -3286,11 +3378,11 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr_legacy.h</key>
 		<data>
@@ -3302,7 +3394,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/storeerr.h</key>
 		<data>
@@ -3312,17 +3404,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tserr.h</key>
 		<data>
@@ -3334,7 +3430,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ui.h</key>
 		<data>
@@ -3350,27 +3446,27 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist</key>
 		<data>
-		aiAmlwCKlv6I/bfXU9M0giCEtpw=
+		gd7rWr8OhyDXUVClEo5R5CxFUjQ=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap</key>
 		<data>
@@ -3378,7 +3474,7 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL</key>
 		<data>
-		Vb+fIr7sNIHf0RB1blDsGKJIYM4=
+		cVV2aKrAO0bY8Qv7kIfqwOV5+XU=
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -3386,7 +3482,11 @@
 		</data>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources</key>
 		<data>
-		Qk1U1YsHwvXwbBrxokmWLG1KmYw=
+		4Zk2Yw2gG2t+9OksayZGVL5EP5I=
+		</data>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/OpenSSL.h</key>
+		<data>
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/aes.h</key>
 		<data>
@@ -3394,7 +3494,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/asn1err.h</key>
 		<data>
@@ -3406,7 +3506,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/asyncerr.h</key>
 		<data>
@@ -3414,11 +3514,11 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/blowfish.h</key>
 		<data>
@@ -3426,7 +3526,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bnerr.h</key>
 		<data>
@@ -3454,7 +3554,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmp_util.h</key>
 		<data>
@@ -3462,27 +3562,27 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conf_api.h</key>
 		<data>
@@ -3494,7 +3594,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/configuration.h</key>
 		<data>
-		3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+		mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conftypes.h</key>
 		<data>
@@ -3502,15 +3602,15 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_object.h</key>
 		<data>
@@ -3518,7 +3618,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crmferr.h</key>
 		<data>
@@ -3526,7 +3626,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cryptoerr.h</key>
 		<data>
@@ -3538,7 +3638,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cterr.h</key>
 		<data>
@@ -3562,11 +3662,11 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dsaerr.h</key>
 		<data>
@@ -3578,7 +3678,11 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ebcdic.h</key>
 		<data>
@@ -3586,7 +3690,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ecdh.h</key>
 		<data>
@@ -3618,7 +3722,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ess.h</key>
 		<data>
@@ -3630,11 +3734,11 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/fips_names.h</key>
 		<data>
@@ -3648,9 +3752,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/httperr.h</key>
 		<data>
@@ -3670,11 +3778,11 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/md2.h</key>
 		<data>
@@ -3698,7 +3806,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/objects.h</key>
 		<data>
@@ -3722,7 +3830,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ossl_typ.h</key>
 		<data>
@@ -3738,7 +3846,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pem2.h</key>
 		<data>
@@ -3750,15 +3858,15 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs7err.h</key>
 		<data>
@@ -3766,19 +3874,23 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/randerr.h</key>
 		<data>
@@ -3802,7 +3914,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rsaerr.h</key>
 		<data>
@@ -3822,7 +3934,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/shim.h</key>
 		<data>
@@ -3834,11 +3946,11 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl2.h</key>
 		<data>
@@ -3846,11 +3958,11 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sslerr_legacy.h</key>
 		<data>
@@ -3862,7 +3974,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/storeerr.h</key>
 		<data>
@@ -3872,17 +3984,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/tserr.h</key>
 		<data>
@@ -3894,7 +4010,7 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ui.h</key>
 		<data>
@@ -3910,31 +4026,35 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Info.plist</key>
 		<data>
-		7euqe7/0W21zvJtJzk53Rhic2qs=
+		WsRRl8h68x1Yl3IxQopDVCxzZAM=
+		</data>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Modules/module.modulemap</key>
+		<data>
+		wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/OpenSSL</key>
 		<data>
-		0YuTzWCo0IyF3SotGjsvOUfEOkc=
+		Z1/jv/bLilofslm6qhQIfU8x9nc=
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -3942,7 +4062,11 @@
 		</data>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/_CodeSignature/CodeResources</key>
 		<data>
-		MI5RwIHQTMiwdzIq/jJtvWSbO78=
+		NW2synqq1hfrFw4e5LrNHAKk7Jk=
+		</data>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h</key>
+		<data>
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/aes.h</key>
 		<data>
@@ -3950,7 +4074,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1err.h</key>
 		<data>
@@ -3962,7 +4086,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asyncerr.h</key>
 		<data>
@@ -3970,11 +4094,11 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/blowfish.h</key>
 		<data>
@@ -3982,7 +4106,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bnerr.h</key>
 		<data>
@@ -4010,7 +4134,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp_util.h</key>
 		<data>
@@ -4018,27 +4142,27 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf_api.h</key>
 		<data>
@@ -4050,7 +4174,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h</key>
 		<data>
-		3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+		mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conftypes.h</key>
 		<data>
@@ -4058,15 +4182,15 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_object.h</key>
 		<data>
@@ -4074,7 +4198,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmferr.h</key>
 		<data>
@@ -4082,7 +4206,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cryptoerr.h</key>
 		<data>
@@ -4094,7 +4218,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cterr.h</key>
 		<data>
@@ -4118,11 +4242,11 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsaerr.h</key>
 		<data>
@@ -4134,7 +4258,11 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ebcdic.h</key>
 		<data>
@@ -4142,7 +4270,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ecdh.h</key>
 		<data>
@@ -4174,7 +4302,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ess.h</key>
 		<data>
@@ -4186,11 +4314,11 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/fips_names.h</key>
 		<data>
@@ -4204,9 +4332,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/httperr.h</key>
 		<data>
@@ -4226,11 +4358,11 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/md2.h</key>
 		<data>
@@ -4254,7 +4386,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/objects.h</key>
 		<data>
@@ -4278,7 +4410,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ossl_typ.h</key>
 		<data>
@@ -4294,7 +4426,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem2.h</key>
 		<data>
@@ -4306,15 +4438,15 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7err.h</key>
 		<data>
@@ -4322,19 +4454,23 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/randerr.h</key>
 		<data>
@@ -4358,7 +4494,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsaerr.h</key>
 		<data>
@@ -4378,7 +4514,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/shim.h</key>
 		<data>
@@ -4390,11 +4526,11 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl2.h</key>
 		<data>
@@ -4402,11 +4538,11 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr_legacy.h</key>
 		<data>
@@ -4418,7 +4554,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/storeerr.h</key>
 		<data>
@@ -4428,17 +4564,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tserr.h</key>
 		<data>
@@ -4450,7 +4590,7 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ui.h</key>
 		<data>
@@ -4466,31 +4606,35 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist</key>
 		<data>
-		MCXGB7p+FnvUqa7zRPwwvFkL2Cs=
+		HLzm/NeSNfFVhCsA8UzYIsaUqHM=
+		</data>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap</key>
+		<data>
+		wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL</key>
 		<data>
-		xKZrbX++E1ICgBaj0Ex+PhT3tdA=
+		Js75VAcaY86wGetSiwdzgCTb+yw=
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -4498,11 +4642,11 @@
 		</data>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources</key>
 		<data>
-		YkBupSPsDrY/66a69+TlLWRnGhU=
+		vjgXs87TkvGD3NE/5/BYke8Cdx0=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/OpenSSL.h</key>
 		<data>
-		DjdIuAxFhzyFUVDRkDVNifi0KGQ=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/aes.h</key>
 		<data>
@@ -4510,7 +4654,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/asn1err.h</key>
 		<data>
@@ -4522,7 +4666,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/asyncerr.h</key>
 		<data>
@@ -4530,11 +4674,11 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/blowfish.h</key>
 		<data>
@@ -4542,7 +4686,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/bnerr.h</key>
 		<data>
@@ -4570,7 +4714,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/cmp_util.h</key>
 		<data>
@@ -4578,27 +4722,27 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/conf_api.h</key>
 		<data>
@@ -4610,7 +4754,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/configuration.h</key>
 		<data>
-		xDMCUxVOWmILMt3EzLfdmjiceQ8=
+		yjr15PIOf/CqzXE+85wawHh2fs8=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/conftypes.h</key>
 		<data>
@@ -4618,15 +4762,15 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/core_object.h</key>
 		<data>
@@ -4634,7 +4778,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/crmferr.h</key>
 		<data>
@@ -4642,7 +4786,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/cryptoerr.h</key>
 		<data>
@@ -4654,7 +4798,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/cterr.h</key>
 		<data>
@@ -4678,11 +4822,11 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/dsaerr.h</key>
 		<data>
@@ -4694,7 +4838,11 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>xros-arm64/OpenSSL.framework/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ebcdic.h</key>
 		<data>
@@ -4702,7 +4850,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ecdh.h</key>
 		<data>
@@ -4734,7 +4882,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ess.h</key>
 		<data>
@@ -4746,11 +4894,11 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/fips_names.h</key>
 		<data>
@@ -4764,9 +4912,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>xros-arm64/OpenSSL.framework/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/httperr.h</key>
 		<data>
@@ -4786,11 +4938,11 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/md2.h</key>
 		<data>
@@ -4814,7 +4966,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/objects.h</key>
 		<data>
@@ -4838,7 +4990,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ossl_typ.h</key>
 		<data>
@@ -4854,7 +5006,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/pem2.h</key>
 		<data>
@@ -4866,15 +5018,15 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/pkcs7err.h</key>
 		<data>
@@ -4882,19 +5034,23 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>xros-arm64/OpenSSL.framework/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/randerr.h</key>
 		<data>
@@ -4918,7 +5074,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/rsaerr.h</key>
 		<data>
@@ -4938,7 +5094,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/shim.h</key>
 		<data>
@@ -4950,11 +5106,11 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ssl2.h</key>
 		<data>
@@ -4962,11 +5118,11 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/sslerr_legacy.h</key>
 		<data>
@@ -4978,7 +5134,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/storeerr.h</key>
 		<data>
@@ -4988,17 +5144,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>xros-arm64/OpenSSL.framework/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/tserr.h</key>
 		<data>
@@ -5010,7 +5170,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/ui.h</key>
 		<data>
@@ -5026,27 +5186,27 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Info.plist</key>
 		<data>
-		q6poUorFn9+M1BOWdRkgqjOklAw=
+		bah+ENbAp1Hpqi3etWGe3quZea0=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/Modules/module.modulemap</key>
 		<data>
@@ -5054,7 +5214,7 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/OpenSSL</key>
 		<data>
-		40ZGXZq7DXBnskNoB9ZLYjIKed0=
+		uyymGMp16tTb2784jGasLFclgcQ=
 		</data>
 		<key>xros-arm64/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -5062,11 +5222,11 @@
 		</data>
 		<key>xros-arm64/OpenSSL.framework/_CodeSignature/CodeResources</key>
 		<data>
-		tNnBuiT6ECNN8DZE0r1MWAKUZpk=
+		2dBykbxAEg2+Lru1wHo619dMqmw=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h</key>
 		<data>
-		hTczpMxXst5/jxVd7Q4r5rwxL9E=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/aes.h</key>
 		<data>
@@ -5074,7 +5234,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1err.h</key>
 		<data>
@@ -5086,7 +5246,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/asyncerr.h</key>
 		<data>
@@ -5094,11 +5254,11 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/blowfish.h</key>
 		<data>
@@ -5106,7 +5266,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bnerr.h</key>
 		<data>
@@ -5134,7 +5294,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp_util.h</key>
 		<data>
@@ -5142,27 +5302,27 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf_api.h</key>
 		<data>
@@ -5174,7 +5334,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h</key>
 		<data>
-		xDMCUxVOWmILMt3EzLfdmjiceQ8=
+		yjr15PIOf/CqzXE+85wawHh2fs8=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conftypes.h</key>
 		<data>
@@ -5182,15 +5342,15 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_object.h</key>
 		<data>
@@ -5198,7 +5358,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmferr.h</key>
 		<data>
@@ -5206,7 +5366,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cryptoerr.h</key>
 		<data>
@@ -5218,7 +5378,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cterr.h</key>
 		<data>
@@ -5242,11 +5402,11 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsaerr.h</key>
 		<data>
@@ -5258,7 +5418,11 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ebcdic.h</key>
 		<data>
@@ -5266,7 +5430,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ecdh.h</key>
 		<data>
@@ -5298,7 +5462,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ess.h</key>
 		<data>
@@ -5310,11 +5474,11 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/fips_names.h</key>
 		<data>
@@ -5328,9 +5492,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/httperr.h</key>
 		<data>
@@ -5350,11 +5518,11 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/md2.h</key>
 		<data>
@@ -5378,7 +5546,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/objects.h</key>
 		<data>
@@ -5402,7 +5570,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ossl_typ.h</key>
 		<data>
@@ -5418,7 +5586,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem2.h</key>
 		<data>
@@ -5430,15 +5598,15 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7err.h</key>
 		<data>
@@ -5446,19 +5614,23 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/randerr.h</key>
 		<data>
@@ -5482,7 +5654,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsaerr.h</key>
 		<data>
@@ -5502,7 +5674,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/shim.h</key>
 		<data>
@@ -5514,11 +5686,11 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl2.h</key>
 		<data>
@@ -5526,11 +5698,11 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr_legacy.h</key>
 		<data>
@@ -5542,7 +5714,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/storeerr.h</key>
 		<data>
@@ -5552,17 +5724,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/tserr.h</key>
 		<data>
@@ -5574,7 +5750,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ui.h</key>
 		<data>
@@ -5590,27 +5766,27 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Info.plist</key>
 		<data>
-		lOWNiU8vTmatn1GZjzQm+Q8U0XQ=
+		JNDlylPmM0ICLugnp7oBSPEc+I0=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap</key>
 		<data>
@@ -5618,7 +5794,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL</key>
 		<data>
-		KeXyX2KmMaRDXXgHfPdR5A9PU48=
+		ZtAv+X5o8mZ9ynkghcyygulEyWI=
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -5626,7 +5802,7 @@
 		</data>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources</key>
 		<data>
-		FmVqQ/xOL5+A+9zzorGjf0oV0Ss=
+		JpugKEilXXUy158vYwyBom/CX8Q=
 		</data>
 	</dict>
 	<key>files2</key>
@@ -5635,11 +5811,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mHUne0OK2xRHc4qeSSyRhXvJGpU=
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			xLMOESMOjgEI6V0X+TU3/ELC4i3Y1gp9w3fkRfzGA88=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/aes.h</key>
@@ -5657,11 +5833,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/asn1err.h</key>
@@ -5690,11 +5866,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/asyncerr.h</key>
@@ -5712,22 +5888,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/blowfish.h</key>
@@ -5745,11 +5921,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/bnerr.h</key>
@@ -5822,11 +5998,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/cmp_util.h</key>
@@ -5844,66 +6020,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/conf_api.h</key>
@@ -5932,11 +6108,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+F2jiEDb2+x9S5t4KDebzaDtLpY=
+			ia9Lq9Ma5Kl0sdwkNFmHsS3OUkU=
 			</data>
 			<key>hash2</key>
 			<data>
-			cs0kyZNCNdHbtdmNU1KeoB/r0e8M1WZ9ssC9Mu9hsaM=
+			U+oCGPKn5mmjbIJuiM9+qxL6r+Nyru/o9FRYnKGxn88=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/conftypes.h</key>
@@ -5954,33 +6130,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/core_object.h</key>
@@ -5998,11 +6174,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/crmferr.h</key>
@@ -6020,11 +6196,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/cryptoerr.h</key>
@@ -6053,11 +6229,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/cterr.h</key>
@@ -6119,22 +6295,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/dsaerr.h</key>
@@ -6163,11 +6339,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>ios-arm64/OpenSSL.framework/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/ebcdic.h</key>
@@ -6185,11 +6372,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/ecdh.h</key>
@@ -6273,11 +6460,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/ess.h</key>
@@ -6306,22 +6493,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/fips_names.h</key>
@@ -6357,15 +6544,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>ios-arm64/OpenSSL.framework/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/httperr.h</key>
@@ -6416,22 +6614,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/md2.h</key>
@@ -6493,11 +6691,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/objects.h</key>
@@ -6559,11 +6757,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/ossl_typ.h</key>
@@ -6603,11 +6801,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/pem2.h</key>
@@ -6636,33 +6834,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/pkcs7err.h</key>
@@ -6680,44 +6878,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>ios-arm64/OpenSSL.framework/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
+			</data>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/randerr.h</key>
@@ -6779,11 +6988,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/rsaerr.h</key>
@@ -6834,11 +7043,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/shim.h</key>
@@ -6867,22 +7076,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/ssl2.h</key>
@@ -6900,22 +7109,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/sslerr_legacy.h</key>
@@ -6944,11 +7153,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/storeerr.h</key>
@@ -6973,37 +7182,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>ios-arm64/OpenSSL.framework/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/tserr.h</key>
@@ -7032,11 +7252,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/ui.h</key>
@@ -7076,66 +7296,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			p8pGcPfYkvwcSjn6YFMGuc6tJ8Q=
+			QrYuUiaf0eAsvjMGE/3sfZCnj4w=
 			</data>
 			<key>hash2</key>
 			<data>
-			tXH506DA5eWfFLQmZDZkOuR3vo9UBf5kCq5tPLZdWqE=
+			MRmdqi7o64zQeeEzXyVuVnyppULwR62CENH2DLFXEmY=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/Modules/module.modulemap</key>
@@ -7153,11 +7373,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			ppCq5C88xtvkU2CDACx36kXXnVo=
+			7JonS9XM9veasPdXQEhq+nihrRY=
 			</data>
 			<key>hash2</key>
 			<data>
-			aRICbJj9y/t3T9O8/XD2bn81gtWokSlM9iqQRQXTLss=
+			3PitdlxxHUwxthm6dMGWSfJw4RTHnBgjAtwEA5g0vZE=
 			</data>
 		</dict>
 		<key>ios-arm64/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
@@ -7175,11 +7395,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			746iBFjmKPWtAN5UCFjk059kcNM=
+			fC3oucFnqWZPqNAJ10CQhnPJk8Y=
 			</data>
 			<key>hash2</key>
 			<data>
-			HWJKw5s7k7iZg/Pw5b2nA4utf0RuyVpebSyCh7xLGQY=
+			G9NBOFfM2hZurj6x4/NykX33CixPdq1l8RS92Yi7b08=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers</key>
@@ -7206,11 +7426,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yQ/UmV4eSHkkDZlFCuXnVKCz0tw=
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			D2BYxlAqnizcnS9U3aoMLgxeXmkTrZNBx6cGmNsSqRQ=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/aes.h</key>
@@ -7228,11 +7448,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/asn1err.h</key>
@@ -7261,11 +7481,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/asyncerr.h</key>
@@ -7283,22 +7503,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/blowfish.h</key>
@@ -7316,11 +7536,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bnerr.h</key>
@@ -7393,11 +7613,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmp_util.h</key>
@@ -7415,66 +7635,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conf_api.h</key>
@@ -7503,11 +7723,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yKcrJg/N+yC02bZRUkC+0bBZR98=
+			lScZfdfcK3XXRdUgxXzIzzZ9CoM=
 			</data>
 			<key>hash2</key>
 			<data>
-			aS1Dl916uCFc1MMoDEmdeNcmxDpqochC8fhGgnn3+EU=
+			+jfF9b6H8IHvka44tRlIBPNUCGZJHt5pUyvP/gzKB1U=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conftypes.h</key>
@@ -7525,33 +7745,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_object.h</key>
@@ -7569,11 +7789,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crmferr.h</key>
@@ -7591,11 +7811,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cryptoerr.h</key>
@@ -7624,11 +7844,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cterr.h</key>
@@ -7690,22 +7910,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dsaerr.h</key>
@@ -7734,11 +7954,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ebcdic.h</key>
@@ -7756,11 +7987,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ecdh.h</key>
@@ -7844,11 +8075,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ess.h</key>
@@ -7877,22 +8108,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/fips_names.h</key>
@@ -7928,15 +8159,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/httperr.h</key>
@@ -7987,22 +8229,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/md2.h</key>
@@ -8064,11 +8306,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/objects.h</key>
@@ -8130,11 +8372,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ossl_typ.h</key>
@@ -8174,11 +8416,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pem2.h</key>
@@ -8207,33 +8449,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs7err.h</key>
@@ -8251,44 +8493,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+			</data>
+			<key>hash2</key>
+			<data>
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/randerr.h</key>
@@ -8350,11 +8603,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rsaerr.h</key>
@@ -8405,11 +8658,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/shim.h</key>
@@ -8438,22 +8691,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl2.h</key>
@@ -8471,22 +8724,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sslerr_legacy.h</key>
@@ -8515,11 +8768,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/storeerr.h</key>
@@ -8544,37 +8797,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/tserr.h</key>
@@ -8603,11 +8867,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ui.h</key>
@@ -8647,55 +8911,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Modules/module.modulemap</key>
@@ -8713,22 +8977,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fLRat1H8sWPVJbjufnRyb6H76PI=
+			OtyS1Dz6HLbi3iD9en5zLUCY1Cs=
 			</data>
 			<key>hash2</key>
 			<data>
-			GyBLNn7l3+M/L3XfSKB8wj3yWBgtNY0izzH4uGiUMt4=
+			lItXVa1QYAgaq54rK4J6ZbZRLQdC0/IX2jtL6dsusGU=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Resources/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			OJvQ7pX3wlgZRJKyNUDPz1Nh/6c=
+			locKjucac2EJ89FRFaQ2fAquWYc=
 			</data>
 			<key>hash2</key>
 			<data>
-			yczszjXaMdNjkzN8QAh3+KJb8CT9PUta8R5wlU3Sjmk=
+			ez/Aj0H33BcLqRgrYn5ICQTTXnbR7jOS5WgmhhjSVUg=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Resources/PrivacyInfo.xcprivacy</key>
@@ -8746,11 +9010,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			K/EvKivFw7A4z4e4u7Ewejfo+UQ=
+			hrSqgBpvYsXxI967h50+QSo7A7w=
 			</data>
 			<key>hash2</key>
 			<data>
-			E5xktUY8g2VYf2yRA/Sd44QrkzODwh53giWX52HiSUo=
+			cceqFNG102ub9xGF1i/D88uhzK5cCb0KfmGSLWrvyPE=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/Current</key>
@@ -8762,11 +9026,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fK1QdcAv69VIFSZCMl9bAZN5138=
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			+aggzhoLQO9+2U0R3B6NGZYcUWXNz7998XU85JtsB0E=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/aes.h</key>
@@ -8784,11 +9048,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1err.h</key>
@@ -8817,11 +9081,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/asyncerr.h</key>
@@ -8839,22 +9103,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/blowfish.h</key>
@@ -8872,11 +9136,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bnerr.h</key>
@@ -8949,11 +9213,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp_util.h</key>
@@ -8971,66 +9235,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf_api.h</key>
@@ -9059,11 +9323,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+F2jiEDb2+x9S5t4KDebzaDtLpY=
+			ia9Lq9Ma5Kl0sdwkNFmHsS3OUkU=
 			</data>
 			<key>hash2</key>
 			<data>
-			cs0kyZNCNdHbtdmNU1KeoB/r0e8M1WZ9ssC9Mu9hsaM=
+			U+oCGPKn5mmjbIJuiM9+qxL6r+Nyru/o9FRYnKGxn88=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conftypes.h</key>
@@ -9081,33 +9345,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_object.h</key>
@@ -9125,11 +9389,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmferr.h</key>
@@ -9147,11 +9411,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cryptoerr.h</key>
@@ -9180,11 +9444,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cterr.h</key>
@@ -9246,22 +9510,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsaerr.h</key>
@@ -9290,11 +9554,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
+			</data>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ebcdic.h</key>
@@ -9312,11 +9587,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ecdh.h</key>
@@ -9400,11 +9675,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ess.h</key>
@@ -9433,22 +9708,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/fips_names.h</key>
@@ -9484,15 +9759,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/httperr.h</key>
@@ -9543,22 +9829,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/md2.h</key>
@@ -9620,11 +9906,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/objects.h</key>
@@ -9686,11 +9972,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ossl_typ.h</key>
@@ -9730,11 +10016,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem2.h</key>
@@ -9763,33 +10049,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7err.h</key>
@@ -9807,44 +10093,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+			</data>
+			<key>hash2</key>
+			<data>
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/randerr.h</key>
@@ -9906,11 +10203,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsaerr.h</key>
@@ -9961,11 +10258,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/shim.h</key>
@@ -9994,22 +10291,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl2.h</key>
@@ -10027,22 +10324,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr_legacy.h</key>
@@ -10071,11 +10368,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/storeerr.h</key>
@@ -10100,37 +10397,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/tserr.h</key>
@@ -10159,11 +10467,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ui.h</key>
@@ -10203,66 +10511,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			0m8oytXurvYln9OPfsAnw+9bPyc=
+			Wx0Sw4H53tuW3NqecVlInMDXno4=
 			</data>
 			<key>hash2</key>
 			<data>
-			Su1VTPHxOaBhqZ0b38Hu/TU1+kCW5MscnpGggc7LXFw=
+			gMk5rxj8HmTLxEjMno/GnrNq3cDd+KTQMwcjSUWyJpo=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap</key>
@@ -10280,11 +10588,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			ifxd21P+xNRtFnuIcwsRk4Ui+xI=
+			q9iM5x2mXn+A54mbHgXuLArAnGg=
 			</data>
 			<key>hash2</key>
 			<data>
-			26GSFABu5xK7KOEr/HZvpImCyHzP2J13d5/QzIxSNIk=
+			4ihcMeQlnzveT6vlogYf/W+Lg4mayZoXdmtJhCEgYY4=
 			</data>
 		</dict>
 		<key>ios-arm64_x86_64-simulator/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
@@ -10302,11 +10610,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			zYFgTH51DNezs/BjgVnluy4an14=
+			eWd3qtmct8/l+Kb1qHnrNDRxnxc=
 			</data>
 			<key>hash2</key>
 			<data>
-			yOmJqoI4HtuH2oPEjtg6Olw4MBjlWXJPTzlnDED5MNI=
+			QSrokYkggRiOg8rQjZv/6wxG3vvYIY6WW8ZTqbgmmiY=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Headers</key>
@@ -10333,11 +10641,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fK1QdcAv69VIFSZCMl9bAZN5138=
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			+aggzhoLQO9+2U0R3B6NGZYcUWXNz7998XU85JtsB0E=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/aes.h</key>
@@ -10355,11 +10663,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/asn1err.h</key>
@@ -10388,11 +10696,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/asyncerr.h</key>
@@ -10410,22 +10718,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/blowfish.h</key>
@@ -10443,11 +10751,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bnerr.h</key>
@@ -10520,11 +10828,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmp_util.h</key>
@@ -10542,66 +10850,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conf_api.h</key>
@@ -10630,11 +10938,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yKcrJg/N+yC02bZRUkC+0bBZR98=
+			lScZfdfcK3XXRdUgxXzIzzZ9CoM=
 			</data>
 			<key>hash2</key>
 			<data>
-			aS1Dl916uCFc1MMoDEmdeNcmxDpqochC8fhGgnn3+EU=
+			+jfF9b6H8IHvka44tRlIBPNUCGZJHt5pUyvP/gzKB1U=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conftypes.h</key>
@@ -10652,33 +10960,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_object.h</key>
@@ -10696,11 +11004,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crmferr.h</key>
@@ -10718,11 +11026,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cryptoerr.h</key>
@@ -10751,11 +11059,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cterr.h</key>
@@ -10817,22 +11125,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dsaerr.h</key>
@@ -10861,11 +11169,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ebcdic.h</key>
@@ -10883,11 +11202,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ecdh.h</key>
@@ -10971,11 +11290,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ess.h</key>
@@ -11004,22 +11323,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/fips_names.h</key>
@@ -11055,15 +11374,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/httperr.h</key>
@@ -11114,22 +11444,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/md2.h</key>
@@ -11191,11 +11521,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/objects.h</key>
@@ -11257,11 +11587,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ossl_typ.h</key>
@@ -11301,11 +11631,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pem2.h</key>
@@ -11334,33 +11664,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs7err.h</key>
@@ -11378,44 +11708,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+			</data>
+			<key>hash2</key>
+			<data>
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/randerr.h</key>
@@ -11477,11 +11818,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rsaerr.h</key>
@@ -11532,11 +11873,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/shim.h</key>
@@ -11565,22 +11906,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl2.h</key>
@@ -11598,22 +11939,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sslerr_legacy.h</key>
@@ -11642,11 +11983,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/storeerr.h</key>
@@ -11671,37 +12012,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/tserr.h</key>
@@ -11730,11 +12082,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ui.h</key>
@@ -11774,55 +12126,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Modules/module.modulemap</key>
@@ -11840,22 +12192,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			XDPuT61S5QKqbrooIKyS7H8LmAI=
+			PDry7lDe12unud2VEVBYjXHZJ+8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OydXmM2Km02Gk7xplSZ2DKoyucUsyeTUBKVXN56prLA=
+			pP28PwrFoF0Pima2Q0O/l0hEvp2H9Vr2wZQD8Bb3mWQ=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Resources/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			dXJ6Wg6vzE61Loe5kgfN6ogyAJc=
+			ygSh/JNcojZ+defoLJ/ubUODJLc=
 			</data>
 			<key>hash2</key>
 			<data>
-			tYNeLW9mhkLAnNMYLRCVgMEhFolXP4HSjviIg4XYe+I=
+			X+T9j5rz5orbYzukuy7H2TfiCOx9yj/t2Vxn7bcwYwg=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/A/Resources/PrivacyInfo.xcprivacy</key>
@@ -11873,11 +12225,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MqitY7Le8067w/DcMRY1KkllxcM=
+			z61dC00PwhxwyWfylvAv7YprDZU=
 			</data>
 			<key>hash2</key>
 			<data>
-			srRgG5aSpjv0AqrwehlMXkOM9kesVOgv1rDXLwW3eoE=
+			hSzlLV/sxaqYvaLnG/2HjoYMAxe7HfCj8u3Y9BeKgog=
 			</data>
 		</dict>
 		<key>macos-arm64_x86_64/OpenSSL.framework/Versions/Current</key>
@@ -11889,11 +12241,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vc1jSl1OkdYUvhhMMZYtn89+rt4=
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			EggoyS3j3Er2SpPJ3u0M9cnFMeBqHLMI5FC+4hk+/r8=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/aes.h</key>
@@ -11911,11 +12263,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/asn1err.h</key>
@@ -11944,11 +12296,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/asyncerr.h</key>
@@ -11966,22 +12318,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/blowfish.h</key>
@@ -11999,11 +12351,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/bnerr.h</key>
@@ -12076,11 +12428,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cmp_util.h</key>
@@ -12098,66 +12450,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/conf_api.h</key>
@@ -12186,11 +12538,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			1Ocg2HkmksHWEL7ue/UNifUsa0g=
+			31BE8LwRUj29KzYtu8s7CYNvvoY=
 			</data>
 			<key>hash2</key>
 			<data>
-			OatY/PLTIkisneKKfv6D8r/kTTzFi8lhMBzStS3WR6o=
+			ER9xEddHqSW07OKwxmxDF6wnf3kxWVZk/1pXhWOkMRg=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/conftypes.h</key>
@@ -12208,33 +12560,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/core_object.h</key>
@@ -12252,11 +12604,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/crmferr.h</key>
@@ -12274,11 +12626,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cryptoerr.h</key>
@@ -12307,11 +12659,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/cterr.h</key>
@@ -12373,22 +12725,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/dsaerr.h</key>
@@ -12417,11 +12769,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>tvos-arm64/OpenSSL.framework/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ebcdic.h</key>
@@ -12439,11 +12802,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ecdh.h</key>
@@ -12527,11 +12890,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ess.h</key>
@@ -12560,22 +12923,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/fips_names.h</key>
@@ -12611,15 +12974,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>tvos-arm64/OpenSSL.framework/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/httperr.h</key>
@@ -12670,22 +13044,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/md2.h</key>
@@ -12747,11 +13121,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/objects.h</key>
@@ -12813,11 +13187,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ossl_typ.h</key>
@@ -12857,11 +13231,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pem2.h</key>
@@ -12890,33 +13264,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/pkcs7err.h</key>
@@ -12934,44 +13308,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+			</data>
+			<key>hash2</key>
+			<data>
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>tvos-arm64/OpenSSL.framework/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/randerr.h</key>
@@ -13033,11 +13418,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/rsaerr.h</key>
@@ -13088,11 +13473,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/shim.h</key>
@@ -13121,22 +13506,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ssl2.h</key>
@@ -13154,22 +13539,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/sslerr_legacy.h</key>
@@ -13198,11 +13583,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/storeerr.h</key>
@@ -13227,37 +13612,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>tvos-arm64/OpenSSL.framework/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/tserr.h</key>
@@ -13286,11 +13682,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/ui.h</key>
@@ -13330,66 +13726,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			oZXhDOU/3AFMLSF66La/lrevBPU=
+			+KCnD2Ok5EzpN+IJyljnRpZaVNw=
 			</data>
 			<key>hash2</key>
 			<data>
-			zCsdf31MdlrA37ARsb/bX0lfujcaHG7NMw8qLGitXD4=
+			PKHco/SMnSI8FStTmuehhnGEd73EcTltbMQh9JtwNtA=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/Modules/module.modulemap</key>
@@ -13407,11 +13803,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			BCCkAV7i/apX88lanTiFUHY+mYA=
+			vafs0Gdc3tkRfJuQ4JjeyCrW/tE=
 			</data>
 			<key>hash2</key>
 			<data>
-			K5yd3GANfB4EXuJyvunnrkI4meKm/5UALgw3KUhIpko=
+			E2AcRg1hdtS0TZt5VjH2EZpHS4HlodHUkMKTDBLM4tM=
 			</data>
 		</dict>
 		<key>tvos-arm64/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
@@ -13429,22 +13825,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			Rnzg0hM6XX7PUdy1zYOLPo+t6nE=
+			C8CXTyLi7JpI0jtr+EYLYsNzc58=
 			</data>
 			<key>hash2</key>
 			<data>
-			bOuE1URoP+iruP1UdVVrkel6Bo9vc4s1DCv8SX9KH+Q=
+			kzCgm2WwCoRphy5CwBYhn1OmnnP/ymD7Ff69rjB7qc4=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			r0aBnOwrMBAaT5qwutVA9mzGMlQ=
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			msqVwR47UBq8NW0jrEVEhic9U54tGzUqV2uJt9weAP8=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/aes.h</key>
@@ -13462,11 +13858,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1err.h</key>
@@ -13495,11 +13891,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asyncerr.h</key>
@@ -13517,22 +13913,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/blowfish.h</key>
@@ -13550,11 +13946,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bnerr.h</key>
@@ -13627,11 +14023,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp_util.h</key>
@@ -13649,66 +14045,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf_api.h</key>
@@ -13737,11 +14133,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			1Ocg2HkmksHWEL7ue/UNifUsa0g=
+			31BE8LwRUj29KzYtu8s7CYNvvoY=
 			</data>
 			<key>hash2</key>
 			<data>
-			OatY/PLTIkisneKKfv6D8r/kTTzFi8lhMBzStS3WR6o=
+			ER9xEddHqSW07OKwxmxDF6wnf3kxWVZk/1pXhWOkMRg=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conftypes.h</key>
@@ -13759,33 +14155,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_object.h</key>
@@ -13803,11 +14199,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmferr.h</key>
@@ -13825,11 +14221,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cryptoerr.h</key>
@@ -13858,11 +14254,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cterr.h</key>
@@ -13924,22 +14320,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsaerr.h</key>
@@ -13968,11 +14364,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ebcdic.h</key>
@@ -13990,11 +14397,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ecdh.h</key>
@@ -14078,11 +14485,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ess.h</key>
@@ -14111,22 +14518,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/fips_names.h</key>
@@ -14162,15 +14569,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/httperr.h</key>
@@ -14221,22 +14639,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/md2.h</key>
@@ -14298,11 +14716,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/objects.h</key>
@@ -14364,11 +14782,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ossl_typ.h</key>
@@ -14408,11 +14826,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem2.h</key>
@@ -14441,33 +14859,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7err.h</key>
@@ -14485,44 +14903,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+			</data>
+			<key>hash2</key>
+			<data>
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/randerr.h</key>
@@ -14584,11 +15013,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsaerr.h</key>
@@ -14639,11 +15068,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/shim.h</key>
@@ -14672,22 +15101,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl2.h</key>
@@ -14705,22 +15134,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr_legacy.h</key>
@@ -14749,11 +15178,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/storeerr.h</key>
@@ -14778,37 +15207,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tserr.h</key>
@@ -14837,11 +15277,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ui.h</key>
@@ -14881,66 +15321,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aiAmlwCKlv6I/bfXU9M0giCEtpw=
+			gd7rWr8OhyDXUVClEo5R5CxFUjQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			hABvMC9Sos3TsOH/FCnli/4EeuRb4Sddsp0Cnbd98qE=
+			cQVcZDXk2qpQ8Dn4tYmsb2pZ+6YIm3rJzD3kzEtrSM4=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap</key>
@@ -14958,11 +15398,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			Vb+fIr7sNIHf0RB1blDsGKJIYM4=
+			cVV2aKrAO0bY8Qv7kIfqwOV5+XU=
 			</data>
 			<key>hash2</key>
 			<data>
-			bte+ZnOefz0yevwcSFAEItbVKoaJMVKd28VTXBUCkPU=
+			0wmn2cImRPOBRPu/Xcgk5fM5z9fqePzD9fq/NUZe+Ik=
 			</data>
 		</dict>
 		<key>tvos-arm64_x86_64-simulator/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
@@ -14980,11 +15420,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			Qk1U1YsHwvXwbBrxokmWLG1KmYw=
+			4Zk2Yw2gG2t+9OksayZGVL5EP5I=
+			</data>
+			<key>hash2</key>
+			<data>
+			2BU7EnR/yhQ9R09fuZJPFwWTpK8P2IpY+SWobfEeP3A=
+			</data>
+		</dict>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/OpenSSL.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			F0jDrIETdFLzTENRKq/+3wE8tWPZcbon+9g5cK2MLhg=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/aes.h</key>
@@ -15002,11 +15453,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/asn1err.h</key>
@@ -15035,11 +15486,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/asyncerr.h</key>
@@ -15057,22 +15508,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/blowfish.h</key>
@@ -15090,11 +15541,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bnerr.h</key>
@@ -15167,11 +15618,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmp_util.h</key>
@@ -15189,66 +15640,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conf_api.h</key>
@@ -15277,11 +15728,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+			mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 			</data>
 			<key>hash2</key>
 			<data>
-			XHE/sHTtmA7yQDLLCfm0eNpxZ3l/Yo4xTAvb4c7ooV4=
+			IpHQkJF4VaqWvnjuBwDTpgPit005UE7TD1zcMBHXGV0=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conftypes.h</key>
@@ -15299,33 +15750,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_object.h</key>
@@ -15343,11 +15794,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crmferr.h</key>
@@ -15365,11 +15816,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cryptoerr.h</key>
@@ -15398,11 +15849,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cterr.h</key>
@@ -15464,22 +15915,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dsaerr.h</key>
@@ -15508,11 +15959,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ebcdic.h</key>
@@ -15530,11 +15992,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ecdh.h</key>
@@ -15618,11 +16080,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ess.h</key>
@@ -15651,22 +16113,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/fips_names.h</key>
@@ -15702,15 +16164,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/httperr.h</key>
@@ -15761,22 +16234,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/md2.h</key>
@@ -15838,11 +16311,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/objects.h</key>
@@ -15904,11 +16377,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ossl_typ.h</key>
@@ -15948,11 +16421,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pem2.h</key>
@@ -15981,33 +16454,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs7err.h</key>
@@ -16025,44 +16498,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+			</data>
+			<key>hash2</key>
+			<data>
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/randerr.h</key>
@@ -16124,11 +16608,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rsaerr.h</key>
@@ -16179,11 +16663,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/shim.h</key>
@@ -16212,22 +16696,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl2.h</key>
@@ -16245,22 +16729,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sslerr_legacy.h</key>
@@ -16289,11 +16773,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/storeerr.h</key>
@@ -16318,37 +16802,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/tserr.h</key>
@@ -16377,11 +16872,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ui.h</key>
@@ -16421,77 +16916,88 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			7euqe7/0W21zvJtJzk53Rhic2qs=
+			WsRRl8h68x1Yl3IxQopDVCxzZAM=
+			</data>
+			<key>hash2</key>
+			<data>
+			OWMfecToWvQr7yA6X6CUavuRO1mr9ppQAZFfDV6qfZs=
+			</data>
+		</dict>
+		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Modules/module.modulemap</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZcKvBYaMTwCO52E7EIlZ9QijK5bPg0ZXu+bSq00k9ks=
+			Iyk3YE2iKlYEZnIdRRtNf4piXHBV2iLaIdaHtxJFxL8=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/OpenSSL</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			0YuTzWCo0IyF3SotGjsvOUfEOkc=
+			Z1/jv/bLilofslm6qhQIfU8x9nc=
 			</data>
 			<key>hash2</key>
 			<data>
-			gMXqZjcNFfco+jZSbJET7qZfeqKxMWQJK8vDZGH0qMY=
+			ZZ0rBr+Iducb/qFkBAYe2FZkrsUoO+rAC/JiHAnmep4=
 			</data>
 		</dict>
 		<key>watchos-arm64_arm64_32_armv7k/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
@@ -16509,11 +17015,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MI5RwIHQTMiwdzIq/jJtvWSbO78=
+			NW2synqq1hfrFw4e5LrNHAKk7Jk=
 			</data>
 			<key>hash2</key>
 			<data>
-			25VKHL+wwdxLhhWHmLypViVDPqJhP4DervHAXgHHvCw=
+			1CMyGxIxvZr5pq3DlYlkMgvQAxyzkVxYqE+jFTHgvps=
+			</data>
+		</dict>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/aes.h</key>
@@ -16531,11 +17048,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1err.h</key>
@@ -16564,11 +17081,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asyncerr.h</key>
@@ -16586,22 +17103,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/blowfish.h</key>
@@ -16619,11 +17136,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bnerr.h</key>
@@ -16696,11 +17213,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp_util.h</key>
@@ -16718,66 +17235,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf_api.h</key>
@@ -16806,11 +17323,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+			mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 			</data>
 			<key>hash2</key>
 			<data>
-			XHE/sHTtmA7yQDLLCfm0eNpxZ3l/Yo4xTAvb4c7ooV4=
+			IpHQkJF4VaqWvnjuBwDTpgPit005UE7TD1zcMBHXGV0=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conftypes.h</key>
@@ -16828,33 +17345,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_object.h</key>
@@ -16872,11 +17389,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmferr.h</key>
@@ -16894,11 +17411,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cryptoerr.h</key>
@@ -16927,11 +17444,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cterr.h</key>
@@ -16993,22 +17510,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsaerr.h</key>
@@ -17037,11 +17554,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ebcdic.h</key>
@@ -17059,11 +17587,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ecdh.h</key>
@@ -17147,11 +17675,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ess.h</key>
@@ -17180,22 +17708,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/fips_names.h</key>
@@ -17231,15 +17759,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/httperr.h</key>
@@ -17290,22 +17829,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/md2.h</key>
@@ -17367,11 +17906,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/objects.h</key>
@@ -17433,11 +17972,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ossl_typ.h</key>
@@ -17477,11 +18016,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem2.h</key>
@@ -17510,33 +18049,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7err.h</key>
@@ -17554,44 +18093,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+			</data>
+			<key>hash2</key>
+			<data>
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/randerr.h</key>
@@ -17653,11 +18203,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsaerr.h</key>
@@ -17708,11 +18258,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/shim.h</key>
@@ -17741,22 +18291,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl2.h</key>
@@ -17774,22 +18324,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr_legacy.h</key>
@@ -17818,11 +18368,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/storeerr.h</key>
@@ -17847,37 +18397,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tserr.h</key>
@@ -17906,11 +18467,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ui.h</key>
@@ -17950,77 +18511,88 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			MCXGB7p+FnvUqa7zRPwwvFkL2Cs=
+			HLzm/NeSNfFVhCsA8UzYIsaUqHM=
+			</data>
+			<key>hash2</key>
+			<data>
+			zh4IYk9shXSHqrlEkGJ6RGB9JiFll+LfF9qAyfk/k/s=
+			</data>
+		</dict>
+		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 			</data>
 			<key>hash2</key>
 			<data>
-			bwmIr8AsB2fErzwnIZgPPGUPXee6CO8CU486+3EU06o=
+			Iyk3YE2iKlYEZnIdRRtNf4piXHBV2iLaIdaHtxJFxL8=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			xKZrbX++E1ICgBaj0Ex+PhT3tdA=
+			Js75VAcaY86wGetSiwdzgCTb+yw=
 			</data>
 			<key>hash2</key>
 			<data>
-			msLSrF0/aJ1dgXJKoUyKMbV4mRWd6qIZcuZpsUbHYdc=
+			huIvx4jEXxlHop2YA8/UEOOfGq1gXG2M1ztxWdd2/3w=
 			</data>
 		</dict>
 		<key>watchos-arm64_x86_64-simulator/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
@@ -18038,22 +18610,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			YkBupSPsDrY/66a69+TlLWRnGhU=
+			vjgXs87TkvGD3NE/5/BYke8Cdx0=
 			</data>
 			<key>hash2</key>
 			<data>
-			DCtSg6kHeYeKipjelA2YXdw8TqhuK0bO4u03AshiB9w=
+			nv2c79u5D0TwtZ/Wg4PcI/tiAGcNvAkJeUjA5DP79Cc=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/OpenSSL.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			DjdIuAxFhzyFUVDRkDVNifi0KGQ=
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			JTE4FeG/p5Ix1pVlec4MtYea+a9UuqvU8RT4X/92ftE=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/aes.h</key>
@@ -18071,11 +18643,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/asn1err.h</key>
@@ -18104,11 +18676,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/asyncerr.h</key>
@@ -18126,22 +18698,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/blowfish.h</key>
@@ -18159,11 +18731,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/bnerr.h</key>
@@ -18236,11 +18808,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/cmp_util.h</key>
@@ -18258,66 +18830,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/conf_api.h</key>
@@ -18346,11 +18918,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xDMCUxVOWmILMt3EzLfdmjiceQ8=
+			yjr15PIOf/CqzXE+85wawHh2fs8=
 			</data>
 			<key>hash2</key>
 			<data>
-			vI2IhkR7ppZBfgghDO/R/IdSpmwLcb10phN45dtbeko=
+			kQ0lT9tiBDKsIi568LOmHyQmGYb3fv0zm5pkr4ipmEQ=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/conftypes.h</key>
@@ -18368,33 +18940,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/core_object.h</key>
@@ -18412,11 +18984,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/crmferr.h</key>
@@ -18434,11 +19006,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/cryptoerr.h</key>
@@ -18467,11 +19039,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/cterr.h</key>
@@ -18533,22 +19105,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/dsaerr.h</key>
@@ -18577,11 +19149,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>xros-arm64/OpenSSL.framework/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/ebcdic.h</key>
@@ -18599,11 +19182,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/ecdh.h</key>
@@ -18687,11 +19270,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/ess.h</key>
@@ -18720,22 +19303,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/fips_names.h</key>
@@ -18771,15 +19354,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>xros-arm64/OpenSSL.framework/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/httperr.h</key>
@@ -18830,22 +19424,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/md2.h</key>
@@ -18907,11 +19501,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/objects.h</key>
@@ -18973,11 +19567,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/ossl_typ.h</key>
@@ -19017,11 +19611,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/pem2.h</key>
@@ -19050,33 +19644,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/pkcs7err.h</key>
@@ -19094,44 +19688,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+			</data>
+			<key>hash2</key>
+			<data>
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>xros-arm64/OpenSSL.framework/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/randerr.h</key>
@@ -19193,11 +19798,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/rsaerr.h</key>
@@ -19248,11 +19853,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/shim.h</key>
@@ -19281,22 +19886,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/ssl2.h</key>
@@ -19314,22 +19919,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/sslerr_legacy.h</key>
@@ -19358,11 +19963,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/storeerr.h</key>
@@ -19387,37 +19992,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>xros-arm64/OpenSSL.framework/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/tserr.h</key>
@@ -19446,11 +20062,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/ui.h</key>
@@ -19490,66 +20106,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			q6poUorFn9+M1BOWdRkgqjOklAw=
+			bah+ENbAp1Hpqi3etWGe3quZea0=
 			</data>
 			<key>hash2</key>
 			<data>
-			2PrZhvLp2oMU2RamcW+gihsz6LSnsz5WCkSMyplGcm8=
+			ZXUi3a0lzOUncL/oI+shKT2KEc+Gr3druuSfR0JnbRw=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/Modules/module.modulemap</key>
@@ -19567,11 +20183,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			40ZGXZq7DXBnskNoB9ZLYjIKed0=
+			uyymGMp16tTb2784jGasLFclgcQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			1T39Xgw6+tQDqhXYtIDBdJWxrMALMyj1UoAfqZu1Wt4=
+			bokENjBojCMlbMZXAgmF5BEimBA2LsS3vMXx52at0jI=
 			</data>
 		</dict>
 		<key>xros-arm64/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
@@ -19589,22 +20205,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tNnBuiT6ECNN8DZE0r1MWAKUZpk=
+			2dBykbxAEg2+Lru1wHo619dMqmw=
 			</data>
 			<key>hash2</key>
 			<data>
-			b+kxPI87dQf4mdI+DE7hT1mPXHDYlXOE2aS0xEYGCuc=
+			lM7Zw2CaeyAdtrN/AWmcOtID8Ye6FnuU4JsNar+0b5A=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hTczpMxXst5/jxVd7Q4r5rwxL9E=
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			yft2F7Aj6psADhcQ5aYdXILBsOgpypRmHUjn6XToeRM=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/aes.h</key>
@@ -19622,11 +20238,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1err.h</key>
@@ -19655,11 +20271,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/asyncerr.h</key>
@@ -19677,22 +20293,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/blowfish.h</key>
@@ -19710,11 +20326,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bnerr.h</key>
@@ -19787,11 +20403,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp_util.h</key>
@@ -19809,66 +20425,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf_api.h</key>
@@ -19897,11 +20513,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xDMCUxVOWmILMt3EzLfdmjiceQ8=
+			yjr15PIOf/CqzXE+85wawHh2fs8=
 			</data>
 			<key>hash2</key>
 			<data>
-			vI2IhkR7ppZBfgghDO/R/IdSpmwLcb10phN45dtbeko=
+			kQ0lT9tiBDKsIi568LOmHyQmGYb3fv0zm5pkr4ipmEQ=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conftypes.h</key>
@@ -19919,33 +20535,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_object.h</key>
@@ -19963,11 +20579,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmferr.h</key>
@@ -19985,11 +20601,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cryptoerr.h</key>
@@ -20018,11 +20634,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cterr.h</key>
@@ -20084,22 +20700,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsaerr.h</key>
@@ -20128,11 +20744,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
+			</data>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ebcdic.h</key>
@@ -20150,11 +20777,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ecdh.h</key>
@@ -20238,11 +20865,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ess.h</key>
@@ -20271,22 +20898,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/fips_names.h</key>
@@ -20322,15 +20949,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/httperr.h</key>
@@ -20381,22 +21019,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/md2.h</key>
@@ -20458,11 +21096,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/objects.h</key>
@@ -20524,11 +21162,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ossl_typ.h</key>
@@ -20568,11 +21206,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem2.h</key>
@@ -20601,33 +21239,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7err.h</key>
@@ -20645,44 +21283,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
+			</data>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/randerr.h</key>
@@ -20744,11 +21393,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsaerr.h</key>
@@ -20799,11 +21448,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/shim.h</key>
@@ -20832,22 +21481,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl2.h</key>
@@ -20865,22 +21514,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr_legacy.h</key>
@@ -20909,11 +21558,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/storeerr.h</key>
@@ -20938,37 +21587,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/tserr.h</key>
@@ -20997,11 +21657,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ui.h</key>
@@ -21041,66 +21701,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Info.plist</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			lOWNiU8vTmatn1GZjzQm+Q8U0XQ=
+			JNDlylPmM0ICLugnp7oBSPEc+I0=
 			</data>
 			<key>hash2</key>
 			<data>
-			OaeIS6Xiqco/k9/OyvTbVkVnaeM+aRuve0guumjWCKw=
+			iJ5cRP6sq2jWWgRB4Ua97PvGaBV4YH7Wm9E8Ntrjm5g=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap</key>
@@ -21118,11 +21778,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KeXyX2KmMaRDXXgHfPdR5A9PU48=
+			ZtAv+X5o8mZ9ynkghcyygulEyWI=
 			</data>
 			<key>hash2</key>
 			<data>
-			JwZuW7RPDQG2hy4+Pfh1kpB+2I3XNqH3OmPH+VDTSw4=
+			wq8oj2/EEFEfZ4IvPqY1cUClhL9bKlgp1nk6PyGoawA=
 			</data>
 		</dict>
 		<key>xros-arm64_x86_64-simulator/OpenSSL.framework/PrivacyInfo.xcprivacy</key>
@@ -21140,11 +21800,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			FmVqQ/xOL5+A+9zzorGjf0oV0Ss=
+			JpugKEilXXUy158vYwyBom/CX8Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			ubUwFQLzIxIGwLSC8SjjkFWSSVyXnruS2iL6/Fk8hYQ=
+			nowMDL2ghnQFo1ZQJfDnEUAKPibgq9EKrm9fmpW1Ork=
 			</data>
 		</dict>
 	</dict>
diff --git a/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeSignature b/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeSignature
index 4cfd1147..8e73d125 100644
Binary files a/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeSignature and b/Frameworks/OpenSSL.xcframework/_CodeSignature/CodeSignature differ
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/OpenSSL.h
index 012a7faf..1e5785b9 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../iphoneos/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/async.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bio.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bn.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cms.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/comp.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/conf.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/configuration.h
index 960c84c5..09071376 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_iOS
 #  define OPENSSL_SYS_iOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ct.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ec.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/err.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/evp.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/http.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/macros.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pem.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/provider.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/quic.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/rand.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/sha.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/store.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/thread.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/trace.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ts.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/types.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Info.plist b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Info.plist
index deb37fc3..df714eec 100644
Binary files a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Info.plist and b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/OpenSSL b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/OpenSSL
index 0d50d330..1ead36f9 100755
Binary files a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/OpenSSL and b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/_CodeSignature/CodeResources
index 0d6bd6e2..79e5f552 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		mHUne0OK2xRHc4qeSSyRhXvJGpU=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		+F2jiEDb2+x9S5t4KDebzaDtLpY=
+		ia9Lq9Ma5Kl0sdwkNFmHsS3OUkU=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		p8pGcPfYkvwcSjn6YFMGuc6tJ8Q=
+		QrYuUiaf0eAsvjMGE/3sfZCnj4w=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			xLMOESMOjgEI6V0X+TU3/ELC4i3Y1gp9w3fkRfzGA88=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			cs0kyZNCNdHbtdmNU1KeoB/r0e8M1WZ9ssC9Mu9hsaM=
+			U+oCGPKn5mmjbIJuiM9+qxL6r+Nyru/o9FRYnKGxn88=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/OpenSSL.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
index 215f71cd..1e5785b9 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
@@ -1,3 +1,4 @@
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -54,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -71,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -103,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -123,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
@@ -137,4 +142,3 @@
 #include <OpenSSL/x509err.h>
 #include <OpenSSL/x509v3.h>
 #include <OpenSSL/x509v3err.h>
-
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/async.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bio.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bn.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cms.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comp.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conf.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/configuration.h
index c528d3f5..9eac98ec 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_MacOSX
 #  define OPENSSL_SYS_MacOSX 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned int
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ct.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ec.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/err.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evp.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/http.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/macros.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pem.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/provider.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/quic.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rand.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sha.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/store.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/thread.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/trace.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ts.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/types.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/OpenSSL b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/OpenSSL
index 7f6b492e..1065a5b9 100755
Binary files a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/OpenSSL and b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Resources/Info.plist b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Resources/Info.plist
index 3fd19a64..2a79dc8f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Resources/Info.plist
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/Resources/Info.plist
@@ -3,7 +3,7 @@
 <plist version="1.0">
 <dict>
 	<key>BuildMachineOSBuild</key>
-	<string>23F79</string>
+	<string>23G80</string>
 	<key>CFBundleDevelopmentRegion</key>
 	<string>en</string>
 	<key>CFBundleExecutable</key>
@@ -17,7 +17,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>3.1.6000</string>
+	<string>3.2.2000</string>
 	<key>CFBundleSupportedPlatforms</key>
 	<array>
 		<string>MacOSX</string>
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
index 299c06d8..1e983872 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Resources/Info.plist</key>
 		<data>
-		OJvQ7pX3wlgZRJKyNUDPz1Nh/6c=
+		locKjucac2EJ89FRFaQ2fAquWYc=
 		</data>
 		<key>Resources/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -19,7 +19,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			D2BYxlAqnizcnS9U3aoMLgxeXmkTrZNBx6cGmNsSqRQ=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -33,7 +33,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -54,7 +54,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -68,14 +68,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -89,7 +89,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -138,7 +138,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -152,42 +152,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -208,7 +208,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			aS1Dl916uCFc1MMoDEmdeNcmxDpqochC8fhGgnn3+EU=
+			+jfF9b6H8IHvka44tRlIBPNUCGZJHt5pUyvP/gzKB1U=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -222,21 +222,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -250,7 +250,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -264,7 +264,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -285,7 +285,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -327,14 +327,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -355,7 +355,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -369,7 +376,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -425,7 +432,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -446,14 +453,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -477,11 +484,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -516,14 +530,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -565,7 +579,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -607,7 +621,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -635,7 +649,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -656,21 +670,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -684,28 +698,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -747,7 +768,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -782,7 +803,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -803,14 +824,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -824,14 +845,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -852,7 +873,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -869,25 +890,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -908,7 +936,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -936,35 +964,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
@@ -978,7 +1006,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			yczszjXaMdNjkzN8QAh3+KJb8CT9PUta8R5wlU3Sjmk=
+			ez/Aj0H33BcLqRgrYn5ICQTTXnbR7jOS5WgmhhjSVUg=
 			</data>
 		</dict>
 		<key>Resources/PrivacyInfo.xcprivacy</key>
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
index b52a9966..1e5785b9 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,3 +1,4 @@
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -54,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -71,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -103,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -123,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
index 960c84c5..09071376 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_iOS
 #  define OPENSSL_SYS_iOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Info.plist b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Info.plist
index 252b3590..a536f4bb 100644
Binary files a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Info.plist and b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL
index ecb50389..d5d69022 100755
Binary files a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL and b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
index c851fb34..b5ffae67 100644
--- a/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		fK1QdcAv69VIFSZCMl9bAZN5138=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		+F2jiEDb2+x9S5t4KDebzaDtLpY=
+		ia9Lq9Ma5Kl0sdwkNFmHsS3OUkU=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		0m8oytXurvYln9OPfsAnw+9bPyc=
+		Wx0Sw4H53tuW3NqecVlInMDXno4=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+aggzhoLQO9+2U0R3B6NGZYcUWXNz7998XU85JtsB0E=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			cs0kyZNCNdHbtdmNU1KeoB/r0e8M1WZ9ssC9Mu9hsaM=
+			U+oCGPKn5mmjbIJuiM9+qxL6r+Nyru/o9FRYnKGxn88=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/OpenSSL.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
index b52a9966..1e5785b9 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
@@ -1,3 +1,4 @@
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -54,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -71,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -103,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -123,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/async.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bio.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bn.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cms.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comp.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conf.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/configuration.h
index c528d3f5..9eac98ec 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_MacOSX
 #  define OPENSSL_SYS_MacOSX 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned int
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ct.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ec.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/err.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evp.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/http.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/macros.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pem.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/provider.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/quic.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rand.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sha.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/store.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/thread.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/trace.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ts.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/types.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/OpenSSL b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/OpenSSL
index 98842742..4bb27c47 100755
Binary files a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/OpenSSL and b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Resources/Info.plist b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Resources/Info.plist
index c3a3484e..5c5ffe87 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Resources/Info.plist
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/Resources/Info.plist
@@ -3,7 +3,7 @@
 <plist version="1.0">
 <dict>
 	<key>BuildMachineOSBuild</key>
-	<string>23F79</string>
+	<string>23G80</string>
 	<key>CFBundleDevelopmentRegion</key>
 	<string>en</string>
 	<key>CFBundleExecutable</key>
@@ -17,7 +17,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>3.1.6000</string>
+	<string>3.2.2000</string>
 	<key>CFBundleSupportedPlatforms</key>
 	<array>
 		<string>MacOSX</string>
diff --git a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
index ac4f0fdf..649dc7a4 100644
--- a/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Resources/Info.plist</key>
 		<data>
-		dXJ6Wg6vzE61Loe5kgfN6ogyAJc=
+		ygSh/JNcojZ+defoLJ/ubUODJLc=
 		</data>
 		<key>Resources/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -19,7 +19,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+aggzhoLQO9+2U0R3B6NGZYcUWXNz7998XU85JtsB0E=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -33,7 +33,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -54,7 +54,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -68,14 +68,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -89,7 +89,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -138,7 +138,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -152,42 +152,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -208,7 +208,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			aS1Dl916uCFc1MMoDEmdeNcmxDpqochC8fhGgnn3+EU=
+			+jfF9b6H8IHvka44tRlIBPNUCGZJHt5pUyvP/gzKB1U=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -222,21 +222,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -250,7 +250,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -264,7 +264,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -285,7 +285,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -327,14 +327,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -355,7 +355,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -369,7 +376,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -425,7 +432,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -446,14 +453,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -477,11 +484,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -516,14 +530,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -565,7 +579,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -607,7 +621,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -635,7 +649,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -656,21 +670,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -684,28 +698,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -747,7 +768,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -782,7 +803,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -803,14 +824,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -824,14 +845,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -852,7 +873,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -869,25 +890,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -908,7 +936,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -936,35 +964,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
@@ -978,7 +1006,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tYNeLW9mhkLAnNMYLRCVgMEhFolXP4HSjviIg4XYe+I=
+			X+T9j5rz5orbYzukuy7H2TfiCOx9yj/t2Vxn7bcwYwg=
 			</data>
 		</dict>
 		<key>Resources/PrivacyInfo.xcprivacy</key>
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/OpenSSL.h
index 38e2c330..1e5785b9 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/OpenSSL.h
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/async.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bio.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bn.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cms.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/comp.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/conf.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/configuration.h
index f38adf2f..e53c0dac 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_tvOS
 #  define OPENSSL_SYS_tvOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ct.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ec.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/err.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/evp.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/http.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/macros.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pem.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/provider.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/quic.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/rand.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/sha.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/store.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/thread.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/trace.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ts.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/types.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Info.plist b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Info.plist
index 253ffb49..47917f5a 100644
Binary files a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Info.plist and b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/OpenSSL b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/OpenSSL
index aa6a7d73..a192b9b4 100755
Binary files a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/OpenSSL and b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/_CodeSignature/CodeResources
index 1dade78d..11bdded8 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		vc1jSl1OkdYUvhhMMZYtn89+rt4=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		1Ocg2HkmksHWEL7ue/UNifUsa0g=
+		31BE8LwRUj29KzYtu8s7CYNvvoY=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		oZXhDOU/3AFMLSF66La/lrevBPU=
+		+KCnD2Ok5EzpN+IJyljnRpZaVNw=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			EggoyS3j3Er2SpPJ3u0M9cnFMeBqHLMI5FC+4hk+/r8=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			OatY/PLTIkisneKKfv6D8r/kTTzFi8lhMBzStS3WR6o=
+			ER9xEddHqSW07OKwxmxDF6wnf3kxWVZk/1pXhWOkMRg=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
index 0a929f3c..1e5785b9 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../appletvos/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
index f38adf2f..e53c0dac 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_tvOS
 #  define OPENSSL_SYS_tvOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist
index 8bd2ece6..dbbb02ac 100644
Binary files a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist and b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL
index d9198061..c271073a 100755
Binary files a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL and b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
index 17bcd924..aea24d78 100644
--- a/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/tvos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		r0aBnOwrMBAaT5qwutVA9mzGMlQ=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		1Ocg2HkmksHWEL7ue/UNifUsa0g=
+		31BE8LwRUj29KzYtu8s7CYNvvoY=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		aiAmlwCKlv6I/bfXU9M0giCEtpw=
+		gd7rWr8OhyDXUVClEo5R5CxFUjQ=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			msqVwR47UBq8NW0jrEVEhic9U54tGzUqV2uJt9weAP8=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			OatY/PLTIkisneKKfv6D8r/kTTzFi8lhMBzStS3WR6o=
+			ER9xEddHqSW07OKwxmxDF6wnf3kxWVZk/1pXhWOkMRg=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/support/appletvos/OpenSSL.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/OpenSSL.h
similarity index 97%
rename from support/appletvos/OpenSSL.h
rename to Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/OpenSSL.h
index 38e2c330..1e5785b9 100644
--- a/support/appletvos/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/OpenSSL.h
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/async.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bio.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bn.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cms.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comp.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conf.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/configuration.h
index 4f3c8050..2e2e7246 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_watchOS
 #  define OPENSSL_SYS_watchOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ct.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ec.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/err.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evp.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/http.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/macros.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pem.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/provider.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/quic.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rand.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sha.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/store.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/thread.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/trace.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ts.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/types.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Info.plist b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Info.plist
index b7ea2260..7ae8585c 100644
Binary files a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Info.plist and b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Modules/module.modulemap b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Modules/module.modulemap
new file mode 100644
index 00000000..bf0f22fd
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/Modules/module.modulemap
@@ -0,0 +1,6 @@
+framework module OpenSSL {
+  umbrella header "OpenSSL.h"
+  export *
+
+  module * { export * }
+}
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/OpenSSL b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/OpenSSL
index d0f72e49..3aed3e4e 100755
Binary files a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/OpenSSL and b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/_CodeSignature/CodeResources
index 779d7be5..cd1e626c 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_arm64_32_armv7k/OpenSSL.framework/_CodeSignature/CodeResources
@@ -4,13 +4,17 @@
 <dict>
 	<key>files</key>
 	<dict>
+		<key>Headers/OpenSSL.h</key>
+		<data>
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
+		</data>
 		<key>Headers/aes.h</key>
 		<data>
 		8iNjUS1/Omec54Aw8tE1RvZq5cw=
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -22,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -30,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -42,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -70,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -78,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -110,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+		mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -118,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -134,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -142,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -154,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -178,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -194,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -202,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -234,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -246,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -264,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -286,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -314,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -338,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -354,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -366,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -382,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -418,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -438,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -450,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -462,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -478,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -488,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -510,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -526,27 +546,31 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		7euqe7/0W21zvJtJzk53Rhic2qs=
+		WsRRl8h68x1Yl3IxQopDVCxzZAM=
+		</data>
+		<key>Modules/module.modulemap</key>
+		<data>
+		wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 		</data>
 		<key>PrivacyInfo.xcprivacy</key>
 		<data>
@@ -555,6 +579,17 @@
 	</dict>
 	<key>files2</key>
 	<dict>
+		<key>Headers/OpenSSL.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
+			</data>
+		</dict>
 		<key>Headers/aes.h</key>
 		<dict>
 			<key>hash</key>
@@ -570,11 +605,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -603,11 +638,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -625,22 +660,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -658,11 +693,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -735,11 +770,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -757,66 +792,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -845,11 +880,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+			mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 			</data>
 			<key>hash2</key>
 			<data>
-			XHE/sHTtmA7yQDLLCfm0eNpxZ3l/Yo4xTAvb4c7ooV4=
+			IpHQkJF4VaqWvnjuBwDTpgPit005UE7TD1zcMBHXGV0=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -867,33 +902,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -911,11 +946,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -933,11 +968,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -966,11 +1001,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -1032,22 +1067,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -1076,11 +1111,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
+			</data>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -1098,11 +1144,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -1186,11 +1232,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -1219,22 +1265,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1270,15 +1316,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1329,22 +1386,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1406,11 +1463,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1472,11 +1529,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1516,11 +1573,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1549,33 +1606,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1593,44 +1650,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
+			</data>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1692,11 +1760,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1747,11 +1815,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1780,22 +1848,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1813,22 +1881,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1857,11 +1925,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1886,37 +1954,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1945,11 +2024,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1989,55 +2068,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
+			</data>
+			<key>hash2</key>
+			<data>
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
+			</data>
+		</dict>
+		<key>Modules/module.modulemap</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			Iyk3YE2iKlYEZnIdRRtNf4piXHBV2iLaIdaHtxJFxL8=
 			</data>
 		</dict>
 		<key>PrivacyInfo.xcprivacy</key>
diff --git a/support/appletvsimulator/OpenSSL.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
similarity index 94%
rename from support/appletvsimulator/OpenSSL.h
rename to Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
index 0a929f3c..1e5785b9 100644
--- a/support/appletvsimulator/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../appletvos/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
index 4f3c8050..2e2e7246 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_watchOS
 #  define OPENSSL_SYS_watchOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist
index 035c2a74..d200789f 100644
Binary files a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist and b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap
new file mode 100644
index 00000000..bf0f22fd
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/Modules/module.modulemap
@@ -0,0 +1,6 @@
+framework module OpenSSL {
+  umbrella header "OpenSSL.h"
+  export *
+
+  module * { export * }
+}
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL
index 0f2c22e5..60376eab 100755
Binary files a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL and b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
index 901cafc8..4459eb91 100644
--- a/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/watchos-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
@@ -4,13 +4,17 @@
 <dict>
 	<key>files</key>
 	<dict>
+		<key>Headers/OpenSSL.h</key>
+		<data>
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
+		</data>
 		<key>Headers/aes.h</key>
 		<data>
 		8iNjUS1/Omec54Aw8tE1RvZq5cw=
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -22,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -30,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -42,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -70,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -78,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -110,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+		mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -118,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -134,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -142,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -154,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -178,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -194,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -202,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -234,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -246,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -264,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -286,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -314,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -338,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -354,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -366,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -382,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -418,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -438,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -450,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -462,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -478,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -488,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -510,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -526,27 +546,31 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		MCXGB7p+FnvUqa7zRPwwvFkL2Cs=
+		HLzm/NeSNfFVhCsA8UzYIsaUqHM=
+		</data>
+		<key>Modules/module.modulemap</key>
+		<data>
+		wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 		</data>
 		<key>PrivacyInfo.xcprivacy</key>
 		<data>
@@ -555,6 +579,13 @@
 	</dict>
 	<key>files2</key>
 	<dict>
+		<key>Headers/OpenSSL.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
+			</data>
+		</dict>
 		<key>Headers/aes.h</key>
 		<dict>
 			<key>hash2</key>
@@ -566,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -587,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -601,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -622,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -671,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -685,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -741,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XHE/sHTtmA7yQDLLCfm0eNpxZ3l/Yo4xTAvb4c7ooV4=
+			IpHQkJF4VaqWvnjuBwDTpgPit005UE7TD1zcMBHXGV0=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -755,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -783,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -797,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -818,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -860,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -888,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -902,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -958,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -979,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1010,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1049,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1098,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1140,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1168,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1189,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1217,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1280,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1315,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1336,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1357,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1385,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1402,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1441,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1469,35 +1528,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
+			</data>
+		</dict>
+		<key>Modules/module.modulemap</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Iyk3YE2iKlYEZnIdRRtNf4piXHBV2iLaIdaHtxJFxL8=
 			</data>
 		</dict>
 		<key>PrivacyInfo.xcprivacy</key>
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/OpenSSL.h
index eca45fdf..1e5785b9 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../visionos/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/async.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bio.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bn.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cms.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/comp.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/conf.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/configuration.h
index 8f739d6b..c29c8891 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_XROS
 #  define OPENSSL_SYS_XROS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ct.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ec.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/err.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/evp.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/http.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/macros.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pem.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/provider.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/quic.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/rand.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/sha.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/store.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/thread.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/trace.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ts.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/types.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Info.plist b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Info.plist
index d6ebead0..1c80f059 100644
Binary files a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Info.plist and b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/OpenSSL b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/OpenSSL
index f1905736..dd26080e 100755
Binary files a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/OpenSSL and b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/_CodeSignature/CodeResources
index e9884969..eaf262c0 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		DjdIuAxFhzyFUVDRkDVNifi0KGQ=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		xDMCUxVOWmILMt3EzLfdmjiceQ8=
+		yjr15PIOf/CqzXE+85wawHh2fs8=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		q6poUorFn9+M1BOWdRkgqjOklAw=
+		bah+ENbAp1Hpqi3etWGe3quZea0=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JTE4FeG/p5Ix1pVlec4MtYea+a9UuqvU8RT4X/92ftE=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			vI2IhkR7ppZBfgghDO/R/IdSpmwLcb10phN45dtbeko=
+			kQ0lT9tiBDKsIi568LOmHyQmGYb3fv0zm5pkr4ipmEQ=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
index 8c7875e8..1e5785b9 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../visionsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
index 8f739d6b..c29c8891 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_XROS
 #  define OPENSSL_SYS_XROS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Info.plist b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Info.plist
index 33eaeee3..b29902ed 100644
Binary files a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Info.plist and b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL
index ee0a2f42..a2d260b4 100755
Binary files a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL and b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
index f7e4183c..7caea289 100644
--- a/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/OpenSSL.xcframework/xros-arm64_x86_64-simulator/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		hTczpMxXst5/jxVd7Q4r5rwxL9E=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		xDMCUxVOWmILMt3EzLfdmjiceQ8=
+		yjr15PIOf/CqzXE+85wawHh2fs8=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		lOWNiU8vTmatn1GZjzQm+Q8U0XQ=
+		JNDlylPmM0ICLugnp7oBSPEc+I0=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			yft2F7Aj6psADhcQ5aYdXILBsOgpypRmHUjn6XToeRM=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			vI2IhkR7ppZBfgghDO/R/IdSpmwLcb10phN45dtbeko=
+			kQ0lT9tiBDKsIi568LOmHyQmGYb3fv0zm5pkr4ipmEQ=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/appletvos/OpenSSL.framework/Headers/OpenSSL.h
index 38e2c330..1e5785b9 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/OpenSSL.h
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/asn1.h b/Frameworks/appletvos/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/async.h b/Frameworks/appletvos/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/bio.h b/Frameworks/appletvos/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/bioerr.h b/Frameworks/appletvos/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/bn.h b/Frameworks/appletvos/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/cmp.h b/Frameworks/appletvos/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/cmperr.h b/Frameworks/appletvos/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/cms.h b/Frameworks/appletvos/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/cmserr.h b/Frameworks/appletvos/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/comp.h b/Frameworks/appletvos/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/comperr.h b/Frameworks/appletvos/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/conf.h b/Frameworks/appletvos/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/configuration.h b/Frameworks/appletvos/OpenSSL.framework/Headers/configuration.h
index f38adf2f..e53c0dac 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_tvOS
 #  define OPENSSL_SYS_tvOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/core.h b/Frameworks/appletvos/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/appletvos/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/core_names.h b/Frameworks/appletvos/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/crmf.h b/Frameworks/appletvos/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/crypto.h b/Frameworks/appletvos/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/ct.h b/Frameworks/appletvos/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/dherr.h b/Frameworks/appletvos/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/dsa.h b/Frameworks/appletvos/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/e_os2.h b/Frameworks/appletvos/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/appletvos/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/ec.h b/Frameworks/appletvos/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/err.h b/Frameworks/appletvos/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/evp.h b/Frameworks/appletvos/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/evperr.h b/Frameworks/appletvos/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/hpke.h b/Frameworks/appletvos/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/http.h b/Frameworks/appletvos/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/lhash.h b/Frameworks/appletvos/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/macros.h b/Frameworks/appletvos/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/appletvos/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/opensslv.h b/Frameworks/appletvos/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/pem.h b/Frameworks/appletvos/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/appletvos/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/proverr.h b/Frameworks/appletvos/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/provider.h b/Frameworks/appletvos/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/quic.h b/Frameworks/appletvos/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/rand.h b/Frameworks/appletvos/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/rsa.h b/Frameworks/appletvos/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/sha.h b/Frameworks/appletvos/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/srtp.h b/Frameworks/appletvos/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/ssl.h b/Frameworks/appletvos/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/ssl3.h b/Frameworks/appletvos/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/sslerr.h b/Frameworks/appletvos/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/store.h b/Frameworks/appletvos/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/thread.h b/Frameworks/appletvos/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/tls1.h b/Frameworks/appletvos/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/trace.h b/Frameworks/appletvos/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/ts.h b/Frameworks/appletvos/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/types.h b/Frameworks/appletvos/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/x509.h b/Frameworks/appletvos/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/appletvos/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/x509err.h b/Frameworks/appletvos/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/x509v3.h b/Frameworks/appletvos/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/appletvos/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/appletvos/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/appletvos/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/appletvos/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/appletvos/OpenSSL.framework/Info.plist b/Frameworks/appletvos/OpenSSL.framework/Info.plist
index 253ffb49..47917f5a 100644
Binary files a/Frameworks/appletvos/OpenSSL.framework/Info.plist and b/Frameworks/appletvos/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/appletvos/OpenSSL.framework/OpenSSL b/Frameworks/appletvos/OpenSSL.framework/OpenSSL
index aa6a7d73..a192b9b4 100755
Binary files a/Frameworks/appletvos/OpenSSL.framework/OpenSSL and b/Frameworks/appletvos/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/appletvos/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/appletvos/OpenSSL.framework/_CodeSignature/CodeResources
index 1dade78d..11bdded8 100644
--- a/Frameworks/appletvos/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/appletvos/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		vc1jSl1OkdYUvhhMMZYtn89+rt4=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		1Ocg2HkmksHWEL7ue/UNifUsa0g=
+		31BE8LwRUj29KzYtu8s7CYNvvoY=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		oZXhDOU/3AFMLSF66La/lrevBPU=
+		+KCnD2Ok5EzpN+IJyljnRpZaVNw=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			EggoyS3j3Er2SpPJ3u0M9cnFMeBqHLMI5FC+4hk+/r8=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			OatY/PLTIkisneKKfv6D8r/kTTzFi8lhMBzStS3WR6o=
+			ER9xEddHqSW07OKwxmxDF6wnf3kxWVZk/1pXhWOkMRg=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/OpenSSL.h
index 0a929f3c..1e5785b9 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../appletvos/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/asn1.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/async.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bio.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bioerr.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bn.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmp.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmperr.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cms.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmserr.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/comp.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/comperr.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/conf.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/configuration.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/configuration.h
index f38adf2f..e53c0dac 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_tvOS
 #  define OPENSSL_SYS_tvOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core_names.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/crmf.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/crypto.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ct.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/dherr.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/dsa.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/e_os2.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ec.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/err.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/evp.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/evperr.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/hpke.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/http.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/lhash.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/macros.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/opensslv.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pem.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/proverr.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/provider.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/quic.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/rand.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/rsa.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/sha.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/srtp.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ssl.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ssl3.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/sslerr.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/store.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/thread.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/tls1.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/trace.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ts.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/types.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509err.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509v3.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/Info.plist b/Frameworks/appletvsimulator/OpenSSL.framework/Info.plist
index 8bd2ece6..dbbb02ac 100644
Binary files a/Frameworks/appletvsimulator/OpenSSL.framework/Info.plist and b/Frameworks/appletvsimulator/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/OpenSSL b/Frameworks/appletvsimulator/OpenSSL.framework/OpenSSL
index d9198061..c271073a 100755
Binary files a/Frameworks/appletvsimulator/OpenSSL.framework/OpenSSL and b/Frameworks/appletvsimulator/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/appletvsimulator/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/appletvsimulator/OpenSSL.framework/_CodeSignature/CodeResources
index 17bcd924..aea24d78 100644
--- a/Frameworks/appletvsimulator/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/appletvsimulator/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		r0aBnOwrMBAaT5qwutVA9mzGMlQ=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		1Ocg2HkmksHWEL7ue/UNifUsa0g=
+		31BE8LwRUj29KzYtu8s7CYNvvoY=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		aiAmlwCKlv6I/bfXU9M0giCEtpw=
+		gd7rWr8OhyDXUVClEo5R5CxFUjQ=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			msqVwR47UBq8NW0jrEVEhic9U54tGzUqV2uJt9weAP8=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			OatY/PLTIkisneKKfv6D8r/kTTzFi8lhMBzStS3WR6o=
+			ER9xEddHqSW07OKwxmxDF6wnf3kxWVZk/1pXhWOkMRg=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/OpenSSL.h
index 012a7faf..1e5785b9 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../iphoneos/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/asn1.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/async.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/bio.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/bioerr.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/bn.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/cmp.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/cmperr.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/cms.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/cmserr.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/comp.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/comperr.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/conf.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/configuration.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/configuration.h
index 960c84c5..09071376 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_iOS
 #  define OPENSSL_SYS_iOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/core.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/core_names.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/crmf.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/crypto.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/ct.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/dherr.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/dsa.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/e_os2.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/ec.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/err.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/evp.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/evperr.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/hpke.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/http.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/lhash.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/macros.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/opensslv.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/pem.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/proverr.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/provider.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/quic.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/rand.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/rsa.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/sha.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/srtp.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/ssl.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/ssl3.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/sslerr.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/store.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/thread.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/tls1.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/trace.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/ts.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/types.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509err.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509v3.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/iphoneos/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/iphoneos/OpenSSL.framework/Info.plist b/Frameworks/iphoneos/OpenSSL.framework/Info.plist
index deb37fc3..df714eec 100644
Binary files a/Frameworks/iphoneos/OpenSSL.framework/Info.plist and b/Frameworks/iphoneos/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/iphoneos/OpenSSL.framework/OpenSSL b/Frameworks/iphoneos/OpenSSL.framework/OpenSSL
index 0d50d330..1ead36f9 100755
Binary files a/Frameworks/iphoneos/OpenSSL.framework/OpenSSL and b/Frameworks/iphoneos/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/iphoneos/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/iphoneos/OpenSSL.framework/_CodeSignature/CodeResources
index 0d6bd6e2..79e5f552 100644
--- a/Frameworks/iphoneos/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/iphoneos/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		mHUne0OK2xRHc4qeSSyRhXvJGpU=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		+F2jiEDb2+x9S5t4KDebzaDtLpY=
+		ia9Lq9Ma5Kl0sdwkNFmHsS3OUkU=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		p8pGcPfYkvwcSjn6YFMGuc6tJ8Q=
+		QrYuUiaf0eAsvjMGE/3sfZCnj4w=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			xLMOESMOjgEI6V0X+TU3/ELC4i3Y1gp9w3fkRfzGA88=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			cs0kyZNCNdHbtdmNU1KeoB/r0e8M1WZ9ssC9Mu9hsaM=
+			U+oCGPKn5mmjbIJuiM9+qxL6r+Nyru/o9FRYnKGxn88=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/OpenSSL.h
index b52a9966..1e5785b9 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,3 +1,4 @@
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -54,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -71,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -103,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -123,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/asn1.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/async.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bio.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bioerr.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bn.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmp.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmperr.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cms.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmserr.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/comp.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/comperr.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/conf.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/configuration.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/configuration.h
index 960c84c5..09071376 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_iOS
 #  define OPENSSL_SYS_iOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core_names.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/crmf.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/crypto.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ct.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/dherr.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/dsa.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/e_os2.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ec.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/err.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/evp.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/evperr.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/hpke.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/http.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/lhash.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/macros.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/opensslv.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pem.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/proverr.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/provider.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/quic.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/rand.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/rsa.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/sha.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/srtp.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ssl.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ssl3.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/sslerr.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/store.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/thread.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/tls1.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/trace.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ts.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/types.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509err.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509v3.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/Info.plist b/Frameworks/iphonesimulator/OpenSSL.framework/Info.plist
index 252b3590..a536f4bb 100644
Binary files a/Frameworks/iphonesimulator/OpenSSL.framework/Info.plist and b/Frameworks/iphonesimulator/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/OpenSSL b/Frameworks/iphonesimulator/OpenSSL.framework/OpenSSL
index ecb50389..d5d69022 100755
Binary files a/Frameworks/iphonesimulator/OpenSSL.framework/OpenSSL and b/Frameworks/iphonesimulator/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/iphonesimulator/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/iphonesimulator/OpenSSL.framework/_CodeSignature/CodeResources
index c851fb34..b5ffae67 100644
--- a/Frameworks/iphonesimulator/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/iphonesimulator/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		fK1QdcAv69VIFSZCMl9bAZN5138=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		+F2jiEDb2+x9S5t4KDebzaDtLpY=
+		ia9Lq9Ma5Kl0sdwkNFmHsS3OUkU=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		0m8oytXurvYln9OPfsAnw+9bPyc=
+		Wx0Sw4H53tuW3NqecVlInMDXno4=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+aggzhoLQO9+2U0R3B6NGZYcUWXNz7998XU85JtsB0E=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			cs0kyZNCNdHbtdmNU1KeoB/r0e8M1WZ9ssC9Mu9hsaM=
+			U+oCGPKn5mmjbIJuiM9+qxL6r+Nyru/o9FRYnKGxn88=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/OpenSSL.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
index b52a9966..1e5785b9 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
@@ -1,3 +1,4 @@
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -54,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -71,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -103,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -123,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/asn1.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/asn1.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/async.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/async.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bio.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bio.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bioerr.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bioerr.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bn.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bn.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmp.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmp.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmperr.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmperr.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cms.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cms.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmserr.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmserr.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/comp.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/comp.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/comperr.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/comperr.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/conf.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/conf.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/configuration.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/configuration.h
index c528d3f5..9eac98ec 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/configuration.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_MacOSX
 #  define OPENSSL_SYS_MacOSX 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned int
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core_dispatch.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core_names.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core_names.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/crmf.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/crmf.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/crypto.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/crypto.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ct.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ct.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/dherr.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/dherr.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/dsa.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/dsa.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/e_os2.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/e_os2.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/e_ostime.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ec.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ec.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/err.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/err.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/evp.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/evp.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/evperr.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/evperr.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/hpke.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/http.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/http.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/lhash.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/lhash.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/macros.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/macros.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/obj_mac.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/obj_mac.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/opensslv.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/opensslv.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pem.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pem.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs12.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs12.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs12err.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs7.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs7.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/prov_ssl.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/proverr.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/proverr.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/provider.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/provider.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/quic.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/rand.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/rand.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/rsa.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/rsa.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/sha.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/sha.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/srtp.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/srtp.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ssl.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ssl.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ssl3.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ssl3.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/sslerr.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/sslerr.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/store.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/store.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/thread.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/tls1.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/tls1.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/trace.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/trace.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ts.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ts.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/types.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/types.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509_vfy.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509err.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509err.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509v3.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509v3.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509v3err.h b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509v3err.h
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/OpenSSL b/Frameworks/macosx/OpenSSL.framework/Versions/A/OpenSSL
index 98842742..4bb27c47 100755
Binary files a/Frameworks/macosx/OpenSSL.framework/Versions/A/OpenSSL and b/Frameworks/macosx/OpenSSL.framework/Versions/A/OpenSSL differ
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/Resources/Info.plist b/Frameworks/macosx/OpenSSL.framework/Versions/A/Resources/Info.plist
index c3a3484e..5c5ffe87 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/Resources/Info.plist
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/Resources/Info.plist
@@ -3,7 +3,7 @@
 <plist version="1.0">
 <dict>
 	<key>BuildMachineOSBuild</key>
-	<string>23F79</string>
+	<string>23G80</string>
 	<key>CFBundleDevelopmentRegion</key>
 	<string>en</string>
 	<key>CFBundleExecutable</key>
@@ -17,7 +17,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>3.1.6000</string>
+	<string>3.2.2000</string>
 	<key>CFBundleSupportedPlatforms</key>
 	<array>
 		<string>MacOSX</string>
diff --git a/Frameworks/macosx/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources b/Frameworks/macosx/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
index ac4f0fdf..649dc7a4 100644
--- a/Frameworks/macosx/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
+++ b/Frameworks/macosx/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Resources/Info.plist</key>
 		<data>
-		dXJ6Wg6vzE61Loe5kgfN6ogyAJc=
+		ygSh/JNcojZ+defoLJ/ubUODJLc=
 		</data>
 		<key>Resources/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -19,7 +19,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+aggzhoLQO9+2U0R3B6NGZYcUWXNz7998XU85JtsB0E=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -33,7 +33,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -54,7 +54,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -68,14 +68,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -89,7 +89,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -138,7 +138,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -152,42 +152,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -208,7 +208,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			aS1Dl916uCFc1MMoDEmdeNcmxDpqochC8fhGgnn3+EU=
+			+jfF9b6H8IHvka44tRlIBPNUCGZJHt5pUyvP/gzKB1U=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -222,21 +222,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -250,7 +250,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -264,7 +264,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -285,7 +285,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -327,14 +327,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -355,7 +355,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -369,7 +376,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -425,7 +432,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -446,14 +453,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -477,11 +484,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -516,14 +530,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -565,7 +579,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -607,7 +621,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -635,7 +649,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -656,21 +670,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -684,28 +698,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -747,7 +768,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -782,7 +803,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -803,14 +824,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -824,14 +845,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -852,7 +873,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -869,25 +890,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -908,7 +936,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -936,35 +964,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
@@ -978,7 +1006,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tYNeLW9mhkLAnNMYLRCVgMEhFolXP4HSjviIg4XYe+I=
+			X+T9j5rz5orbYzukuy7H2TfiCOx9yj/t2Vxn7bcwYwg=
 			</data>
 		</dict>
 		<key>Resources/PrivacyInfo.xcprivacy</key>
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/OpenSSL.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
index 215f71cd..1e5785b9 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/OpenSSL.h
@@ -1,3 +1,4 @@
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -54,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -71,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -103,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -123,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
@@ -137,4 +142,3 @@
 #include <OpenSSL/x509err.h>
 #include <OpenSSL/x509v3.h>
 #include <OpenSSL/x509v3err.h>
-
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/asn1.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/asn1.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/async.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/async.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bio.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bio.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bn.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bn.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmp.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmp.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmperr.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmperr.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cms.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cms.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/comp.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/comp.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/comperr.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/comperr.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/conf.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/conf.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/configuration.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/configuration.h
index c528d3f5..9eac98ec 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/configuration.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_MacOSX
 #  define OPENSSL_SYS_MacOSX 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned int
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core_names.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core_names.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/crmf.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/crmf.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/crypto.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/crypto.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ct.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ct.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/dherr.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/dherr.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/dsa.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/dsa.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/e_os2.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/e_os2.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/e_ostime.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ec.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ec.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/err.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/err.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/evp.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/evp.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/evperr.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/evperr.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/hpke.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/http.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/http.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/lhash.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/lhash.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/macros.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/macros.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/obj_mac.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/obj_mac.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/opensslv.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/opensslv.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pem.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pem.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs12.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs12.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/prov_ssl.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/proverr.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/proverr.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/provider.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/provider.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/quic.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/rand.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/rand.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/rsa.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/rsa.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/sha.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/sha.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/srtp.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/srtp.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ssl.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ssl.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ssl3.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ssl3.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/store.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/store.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/thread.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/tls1.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/tls1.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/trace.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/trace.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ts.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ts.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/types.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/types.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509err.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509err.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/OpenSSL b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/OpenSSL
index 7f6b492e..1065a5b9 100755
Binary files a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/OpenSSL and b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/OpenSSL differ
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Resources/Info.plist b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Resources/Info.plist
index 3fd19a64..2a79dc8f 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Resources/Info.plist
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/Resources/Info.plist
@@ -3,7 +3,7 @@
 <plist version="1.0">
 <dict>
 	<key>BuildMachineOSBuild</key>
-	<string>23F79</string>
+	<string>23G80</string>
 	<key>CFBundleDevelopmentRegion</key>
 	<string>en</string>
 	<key>CFBundleExecutable</key>
@@ -17,7 +17,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>3.1.6000</string>
+	<string>3.2.2000</string>
 	<key>CFBundleSupportedPlatforms</key>
 	<array>
 		<string>MacOSX</string>
diff --git a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
index 299c06d8..1e983872 100644
--- a/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
+++ b/Frameworks/macosx_catalyst/OpenSSL.framework/Versions/A/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Resources/Info.plist</key>
 		<data>
-		OJvQ7pX3wlgZRJKyNUDPz1Nh/6c=
+		locKjucac2EJ89FRFaQ2fAquWYc=
 		</data>
 		<key>Resources/PrivacyInfo.xcprivacy</key>
 		<data>
@@ -19,7 +19,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			D2BYxlAqnizcnS9U3aoMLgxeXmkTrZNBx6cGmNsSqRQ=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -33,7 +33,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -54,7 +54,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -68,14 +68,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -89,7 +89,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -138,7 +138,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -152,42 +152,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -208,7 +208,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			aS1Dl916uCFc1MMoDEmdeNcmxDpqochC8fhGgnn3+EU=
+			+jfF9b6H8IHvka44tRlIBPNUCGZJHt5pUyvP/gzKB1U=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -222,21 +222,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -250,7 +250,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -264,7 +264,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -285,7 +285,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -327,14 +327,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -355,7 +355,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -369,7 +376,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -425,7 +432,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -446,14 +453,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -477,11 +484,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -516,14 +530,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -565,7 +579,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -607,7 +621,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -635,7 +649,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -656,21 +670,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -684,28 +698,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -747,7 +768,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -782,7 +803,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -803,14 +824,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -824,14 +845,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -852,7 +873,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -869,25 +890,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -908,7 +936,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -936,35 +964,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
@@ -978,7 +1006,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			yczszjXaMdNjkzN8QAh3+KJb8CT9PUta8R5wlU3Sjmk=
+			ez/Aj0H33BcLqRgrYn5ICQTTXnbR7jOS5WgmhhjSVUg=
 			</data>
 		</dict>
 		<key>Resources/PrivacyInfo.xcprivacy</key>
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/visionos/OpenSSL.framework/Headers/OpenSSL.h
index eca45fdf..1e5785b9 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../visionos/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/asn1.h b/Frameworks/visionos/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/async.h b/Frameworks/visionos/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/bio.h b/Frameworks/visionos/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/bioerr.h b/Frameworks/visionos/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/bn.h b/Frameworks/visionos/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/cmp.h b/Frameworks/visionos/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/cmperr.h b/Frameworks/visionos/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/cms.h b/Frameworks/visionos/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/cmserr.h b/Frameworks/visionos/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/comp.h b/Frameworks/visionos/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/comperr.h b/Frameworks/visionos/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/conf.h b/Frameworks/visionos/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/configuration.h b/Frameworks/visionos/OpenSSL.framework/Headers/configuration.h
index 8f739d6b..c29c8891 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_XROS
 #  define OPENSSL_SYS_XROS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/core.h b/Frameworks/visionos/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/visionos/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/core_names.h b/Frameworks/visionos/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/crmf.h b/Frameworks/visionos/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/crypto.h b/Frameworks/visionos/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/ct.h b/Frameworks/visionos/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/dherr.h b/Frameworks/visionos/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/dsa.h b/Frameworks/visionos/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/e_os2.h b/Frameworks/visionos/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/visionos/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/ec.h b/Frameworks/visionos/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/err.h b/Frameworks/visionos/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/evp.h b/Frameworks/visionos/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/evperr.h b/Frameworks/visionos/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/hpke.h b/Frameworks/visionos/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/http.h b/Frameworks/visionos/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/lhash.h b/Frameworks/visionos/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/macros.h b/Frameworks/visionos/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/visionos/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/opensslv.h b/Frameworks/visionos/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/pem.h b/Frameworks/visionos/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/visionos/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/visionos/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/visionos/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/visionos/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/proverr.h b/Frameworks/visionos/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/provider.h b/Frameworks/visionos/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/quic.h b/Frameworks/visionos/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/rand.h b/Frameworks/visionos/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/rsa.h b/Frameworks/visionos/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/sha.h b/Frameworks/visionos/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/srtp.h b/Frameworks/visionos/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/ssl.h b/Frameworks/visionos/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/ssl3.h b/Frameworks/visionos/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/sslerr.h b/Frameworks/visionos/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/store.h b/Frameworks/visionos/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/thread.h b/Frameworks/visionos/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/tls1.h b/Frameworks/visionos/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/trace.h b/Frameworks/visionos/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/ts.h b/Frameworks/visionos/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/types.h b/Frameworks/visionos/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/x509.h b/Frameworks/visionos/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/visionos/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/x509err.h b/Frameworks/visionos/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/x509v3.h b/Frameworks/visionos/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/visionos/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/visionos/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/visionos/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/visionos/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/visionos/OpenSSL.framework/Info.plist b/Frameworks/visionos/OpenSSL.framework/Info.plist
index d6ebead0..1c80f059 100644
Binary files a/Frameworks/visionos/OpenSSL.framework/Info.plist and b/Frameworks/visionos/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/visionos/OpenSSL.framework/OpenSSL b/Frameworks/visionos/OpenSSL.framework/OpenSSL
index f1905736..dd26080e 100755
Binary files a/Frameworks/visionos/OpenSSL.framework/OpenSSL and b/Frameworks/visionos/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/visionos/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/visionos/OpenSSL.framework/_CodeSignature/CodeResources
index e9884969..eaf262c0 100644
--- a/Frameworks/visionos/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/visionos/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		DjdIuAxFhzyFUVDRkDVNifi0KGQ=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		xDMCUxVOWmILMt3EzLfdmjiceQ8=
+		yjr15PIOf/CqzXE+85wawHh2fs8=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		q6poUorFn9+M1BOWdRkgqjOklAw=
+		bah+ENbAp1Hpqi3etWGe3quZea0=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JTE4FeG/p5Ix1pVlec4MtYea+a9UuqvU8RT4X/92ftE=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			vI2IhkR7ppZBfgghDO/R/IdSpmwLcb10phN45dtbeko=
+			kQ0lT9tiBDKsIi568LOmHyQmGYb3fv0zm5pkr4ipmEQ=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/OpenSSL.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/OpenSSL.h
index 8c7875e8..1e5785b9 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/OpenSSL.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../visionsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/asn1.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/async.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/bio.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/bioerr.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/bn.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmp.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmperr.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/cms.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmserr.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/comp.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/comperr.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/conf.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/configuration.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/configuration.h
index 8f739d6b..c29c8891 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_XROS
 #  define OPENSSL_SYS_XROS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/core.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/core_names.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/crmf.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/crypto.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ct.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/dherr.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/dsa.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/e_os2.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ec.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/err.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/evp.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/evperr.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/hpke.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/http.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/lhash.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/macros.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/opensslv.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/pem.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/proverr.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/provider.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/quic.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/rand.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/rsa.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/sha.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/srtp.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ssl.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ssl3.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/sslerr.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/store.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/thread.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/tls1.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/trace.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ts.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/types.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509err.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509v3.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/visionsimulator/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/Info.plist b/Frameworks/visionsimulator/OpenSSL.framework/Info.plist
index 33eaeee3..b29902ed 100644
Binary files a/Frameworks/visionsimulator/OpenSSL.framework/Info.plist and b/Frameworks/visionsimulator/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/OpenSSL b/Frameworks/visionsimulator/OpenSSL.framework/OpenSSL
index ee0a2f42..a2d260b4 100755
Binary files a/Frameworks/visionsimulator/OpenSSL.framework/OpenSSL and b/Frameworks/visionsimulator/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/visionsimulator/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/visionsimulator/OpenSSL.framework/_CodeSignature/CodeResources
index f7e4183c..7caea289 100644
--- a/Frameworks/visionsimulator/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/visionsimulator/OpenSSL.framework/_CodeSignature/CodeResources
@@ -6,7 +6,7 @@
 	<dict>
 		<key>Headers/OpenSSL.h</key>
 		<data>
-		hTczpMxXst5/jxVd7Q4r5rwxL9E=
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
 		</data>
 		<key>Headers/aes.h</key>
 		<data>
@@ -14,7 +14,7 @@
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -26,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -34,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -46,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -74,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -82,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -114,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		xDMCUxVOWmILMt3EzLfdmjiceQ8=
+		yjr15PIOf/CqzXE+85wawHh2fs8=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -122,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -138,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -146,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -158,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -182,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -198,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -206,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -238,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -250,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -268,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -290,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -318,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -342,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -358,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -370,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -386,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -422,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -442,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -454,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -466,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -482,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -492,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -514,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -530,27 +546,27 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		lOWNiU8vTmatn1GZjzQm+Q8U0XQ=
+		JNDlylPmM0ICLugnp7oBSPEc+I0=
 		</data>
 		<key>Modules/module.modulemap</key>
 		<data>
@@ -567,7 +583,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			yft2F7Aj6psADhcQ5aYdXILBsOgpypRmHUjn6XToeRM=
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
 			</data>
 		</dict>
 		<key>Headers/aes.h</key>
@@ -581,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -602,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -616,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -637,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -686,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -700,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -756,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			vI2IhkR7ppZBfgghDO/R/IdSpmwLcb10phN45dtbeko=
+			kQ0lT9tiBDKsIi568LOmHyQmGYb3fv0zm5pkr4ipmEQ=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -770,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -798,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -812,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -833,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -875,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -903,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -917,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -973,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -994,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1025,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1064,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1113,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1155,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1183,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1204,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1232,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1295,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1330,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1351,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1372,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1400,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1417,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1456,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1484,35 +1528,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
 			</data>
 		</dict>
 		<key>Modules/module.modulemap</key>
diff --git a/support/iphoneos/OpenSSL.h b/Frameworks/watchos/OpenSSL.framework/Headers/OpenSSL.h
similarity index 94%
rename from support/iphoneos/OpenSSL.h
rename to Frameworks/watchos/OpenSSL.framework/Headers/OpenSSL.h
index 012a7faf..1e5785b9 100644
--- a/support/iphoneos/OpenSSL.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,4 +1,4 @@
-// ls -1 ../../iphoneos/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -55,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -72,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -104,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -124,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/asn1.h b/Frameworks/watchos/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/async.h b/Frameworks/watchos/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/bio.h b/Frameworks/watchos/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/bioerr.h b/Frameworks/watchos/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/bn.h b/Frameworks/watchos/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/cmp.h b/Frameworks/watchos/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/cmperr.h b/Frameworks/watchos/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/cms.h b/Frameworks/watchos/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/cmserr.h b/Frameworks/watchos/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/comp.h b/Frameworks/watchos/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/comperr.h b/Frameworks/watchos/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/conf.h b/Frameworks/watchos/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/configuration.h b/Frameworks/watchos/OpenSSL.framework/Headers/configuration.h
index 4f3c8050..2e2e7246 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_watchOS
 #  define OPENSSL_SYS_watchOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/core.h b/Frameworks/watchos/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/watchos/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/core_names.h b/Frameworks/watchos/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/crmf.h b/Frameworks/watchos/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/crypto.h b/Frameworks/watchos/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/ct.h b/Frameworks/watchos/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/dherr.h b/Frameworks/watchos/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/dsa.h b/Frameworks/watchos/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/e_os2.h b/Frameworks/watchos/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/watchos/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/ec.h b/Frameworks/watchos/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/err.h b/Frameworks/watchos/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/evp.h b/Frameworks/watchos/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/evperr.h b/Frameworks/watchos/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/hpke.h b/Frameworks/watchos/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/http.h b/Frameworks/watchos/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/lhash.h b/Frameworks/watchos/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/macros.h b/Frameworks/watchos/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/watchos/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/opensslv.h b/Frameworks/watchos/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/pem.h b/Frameworks/watchos/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/watchos/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/watchos/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/watchos/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/watchos/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/proverr.h b/Frameworks/watchos/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/provider.h b/Frameworks/watchos/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/quic.h b/Frameworks/watchos/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/rand.h b/Frameworks/watchos/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/rsa.h b/Frameworks/watchos/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/sha.h b/Frameworks/watchos/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/srtp.h b/Frameworks/watchos/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/ssl.h b/Frameworks/watchos/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/ssl3.h b/Frameworks/watchos/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/sslerr.h b/Frameworks/watchos/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/store.h b/Frameworks/watchos/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/thread.h b/Frameworks/watchos/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/tls1.h b/Frameworks/watchos/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/trace.h b/Frameworks/watchos/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/ts.h b/Frameworks/watchos/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/types.h b/Frameworks/watchos/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/x509.h b/Frameworks/watchos/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/watchos/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/x509err.h b/Frameworks/watchos/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/x509v3.h b/Frameworks/watchos/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/watchos/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/watchos/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/watchos/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/watchos/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/watchos/OpenSSL.framework/Info.plist b/Frameworks/watchos/OpenSSL.framework/Info.plist
index b7ea2260..7ae8585c 100644
Binary files a/Frameworks/watchos/OpenSSL.framework/Info.plist and b/Frameworks/watchos/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/watchos/OpenSSL.framework/Modules/module.modulemap b/Frameworks/watchos/OpenSSL.framework/Modules/module.modulemap
new file mode 100644
index 00000000..bf0f22fd
--- /dev/null
+++ b/Frameworks/watchos/OpenSSL.framework/Modules/module.modulemap
@@ -0,0 +1,6 @@
+framework module OpenSSL {
+  umbrella header "OpenSSL.h"
+  export *
+
+  module * { export * }
+}
diff --git a/Frameworks/watchos/OpenSSL.framework/OpenSSL b/Frameworks/watchos/OpenSSL.framework/OpenSSL
index d0f72e49..3aed3e4e 100755
Binary files a/Frameworks/watchos/OpenSSL.framework/OpenSSL and b/Frameworks/watchos/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/watchos/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/watchos/OpenSSL.framework/_CodeSignature/CodeResources
index 779d7be5..cd1e626c 100644
--- a/Frameworks/watchos/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/watchos/OpenSSL.framework/_CodeSignature/CodeResources
@@ -4,13 +4,17 @@
 <dict>
 	<key>files</key>
 	<dict>
+		<key>Headers/OpenSSL.h</key>
+		<data>
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
+		</data>
 		<key>Headers/aes.h</key>
 		<data>
 		8iNjUS1/Omec54Aw8tE1RvZq5cw=
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -22,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -30,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -42,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -70,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -78,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -110,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+		mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -118,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -134,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -142,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -154,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -178,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -194,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -202,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -234,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -246,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -264,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -286,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -314,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -338,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -354,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -366,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -382,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -418,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -438,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -450,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -462,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -478,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -488,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -510,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -526,27 +546,31 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		7euqe7/0W21zvJtJzk53Rhic2qs=
+		WsRRl8h68x1Yl3IxQopDVCxzZAM=
+		</data>
+		<key>Modules/module.modulemap</key>
+		<data>
+		wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 		</data>
 		<key>PrivacyInfo.xcprivacy</key>
 		<data>
@@ -555,6 +579,17 @@
 	</dict>
 	<key>files2</key>
 	<dict>
+		<key>Headers/OpenSSL.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			hTyoNt1YXSrwwSt+YGpwylnuX1Q=
+			</data>
+			<key>hash2</key>
+			<data>
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
+			</data>
+		</dict>
 		<key>Headers/aes.h</key>
 		<dict>
 			<key>hash</key>
@@ -570,11 +605,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			z+PsFkgcH1/rIuo3T9MODUoNK24=
+			IKHwL052GZDacEllpSjZOblGmp8=
 			</data>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -603,11 +638,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+FaNb0DDHz6Z1bROedXceAi9ZFk=
+			DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 			</data>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -625,22 +660,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			dhAlip0uGrwjivvfzXhz7gIBbL4=
+			jf7KjxIHyE1IXp6H14cZiso92NU=
 			</data>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			hLGduZHZSiaWh7890Ft+Dirp0V8=
+			IbiWzoIahXRttNPxiu0IIxtDPTw=
 			</data>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -658,11 +693,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+			6PFTH929dRBU8jPAwC+1gfmXlGc=
 			</data>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -735,11 +770,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+			3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 			</data>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -757,66 +792,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MAd6LB0eBGnM306fpyRFIKQcmnw=
+			+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 			</data>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			aohtAuDEldlIEw7LDjA5LYFYouQ=
+			8J3HyXxvCfQMYdroObf/TvDcJNM=
 			</data>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+			eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 			</data>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			cSe/54NKUratn7HXqkgwHAAbU+E=
+			R8EdXFre5Xth1a1xLWy+huW6XA8=
 			</data>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			na2NDAO6KtNEZeQJryn0rAk8gm0=
+			ffVaVXoIFyUQtghDWdg4YaL3yYA=
 			</data>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			nUukHRjB8Dl5FxMUw81UXmi108o=
+			eoMetSrNK1X+ip6Nv4MhDZFxESE=
 			</data>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -845,11 +880,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+			mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 			</data>
 			<key>hash2</key>
 			<data>
-			XHE/sHTtmA7yQDLLCfm0eNpxZ3l/Yo4xTAvb4c7ooV4=
+			IpHQkJF4VaqWvnjuBwDTpgPit005UE7TD1zcMBHXGV0=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -867,33 +902,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			DgKxuVMedZnWrYwn3+QZmlvjWZc=
+			mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 			</data>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			zUi9uRmH2QVO4Mxx9idYALHrvAw=
+			OEt2/D0GlXTJj92u50WOnLzBcZw=
 			</data>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+			14HBtWbGIKudKLLGnsLvx1qFFAw=
 			</data>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -911,11 +946,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			TzEzvoMGWZVYIVXybYVJXpBtPE4=
+			EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 			</data>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -933,11 +968,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			+cZ/iqyPSjobdtAMfPofJkdC24s=
+			ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 			</data>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -966,11 +1001,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			oarc/5DbZaex1uozr5vLGecVUYk=
+			ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 			</data>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -1032,22 +1067,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			QifzkCnry6Rjwjm02D0W2iPpaoU=
+			PowAtdT+ur+5jz/YnAc0EHVVfYY=
 			</data>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			sz5tTilR8g0xjgAEoMUOAJgIQaY=
+			H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 			</data>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -1076,11 +1111,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			tH/S000xyavHjsqNlVGAMQHtrPM=
+			0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
 			</data>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			Rl/39YfOzRSimoGdKMvxr1d00LM=
+			</data>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -1098,11 +1144,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			m7p7LakDX6kSXm8j7MWMgSLjumQ=
+			kkZLbejT9KttWpplQJutvdfleJ4=
 			</data>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -1186,11 +1232,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			NvspHDi43yz2hiAWCvupOzf/71U=
+			PtVZORM3ByW96U6jpN72xVA5Dlo=
 			</data>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -1219,22 +1265,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			xfiJMp65BDUi3aXZvvuZrt7L9+0=
+			u8HQdWo73ke46uV//yNBE9jiFec=
 			</data>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			NRjb8Dk85VMOg0csAOKMpjdNSvU=
+			K88FXrMN/IFeOll/L3T2NG1VAho=
 			</data>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1270,15 +1316,26 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			C4ovQTTt0OhXALzYIGunYN0Watg=
+			</data>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			iNdpr4bT5ifrtYNy2wdayLYIWxg=
+			iqn5HuY54xYRncFTjLQB6CcMbpY=
 			</data>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1329,22 +1386,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			EMRnX9ax6zLHBXxnmTSiazj/Eag=
+			PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 			</data>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Usaoz4ODoAuZGwIWWW73o7Bacc0=
+			2Ofn24hQHHn/ydr7WESDi2Wf0us=
 			</data>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1406,11 +1463,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			PKGiophkl+465XsKlaE0RbcWIpY=
+			eTx8IurZN7tVu4hYlw/OjmcTMU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1472,11 +1529,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			mXcJfEZz+aFQawvCfn5r6HkVePE=
+			8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 			</data>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1516,11 +1573,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			biCqnu2V9RsFSKrBa/hF2A7+DLU=
+			kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 			</data>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1549,33 +1606,33 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			MLVdfoh2kwlsuk9cXYskHRR3mys=
+			/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 			</data>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Gfn2rYsc58gNXbT6civ9+JHTERI=
+			6J06QNUavdqYCKAM/T8R8DaQfgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+			klUHME98kAar+DN4RqP/9F2nqgA=
 			</data>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1593,44 +1650,55 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			7rQU10ajXY8qFAuBupPVP4Z38b0=
+			I5abNWBI3Vr60mASKOdgGYGLnjM=
 			</data>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+			Us8FRSexKB+saV/iHv19bVqv1ys=
 			</data>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			S/AzcddQm464ZXFcs7Vc0qr8H9o=
+			6rAp3g2H8LF8wEcSTgoPPhdjR0M=
 			</data>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			FT7e2yALtA5OrfVSMXVnHbyvNT0=
+			</data>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			RbjbL965PTH5V1c96XeaxDqc1Bs=
+			tX64JzS8iUAcgICZc7CYr10U+O4=
 			</data>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1692,11 +1760,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+			1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 			</data>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1747,11 +1815,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+			XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 			</data>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1780,22 +1848,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+			Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 			</data>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			H6fBRX9V6tBvFg31BQ4llKH6iuU=
+			oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 			</data>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1813,22 +1881,22 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+			quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 			</data>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			yK43KOTkyrnZSQyDc5YAogavqJ8=
+			/eBMsgFyNFsW6ny0bkuBwgLrV74=
 			</data>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1857,11 +1925,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			fegXSOFHdhd4iLv0QwfUKFQDdcA=
+			cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 			</data>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1886,37 +1954,48 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			I1hNXzQNowl99hyAsBTCu2VmjRQ=
+			</data>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			X9R0FXKYZoqq6+rpqOicBgmUbY8=
+			2RPzwNlBNfKrQ1WyFD68eMEc//o=
 			</data>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			piBR67GOuHdxC49rFxlGIf167T8=
+			fLX9FULaG2zjQ9KORHF12sHsL4U=
 			</data>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			PvBLnP6OxB2m9yPm7iof8juEBnY=
+			18spUTy4DzuZorIB4Lp830dOb24=
 			</data>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1945,11 +2024,11 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			9FnIjEDd7Ga455uw7oTWdFsJurk=
+			edL/ICzzvHqFHJKhxWjK1eeWzDA=
 			</data>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1989,55 +2068,66 @@
 		<dict>
 			<key>hash</key>
 			<data>
-			vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+			kRkTo7TTjRSRFn5qHP7JWVivHX0=
 			</data>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2N5BSz89lt/srKzCqnlOodJKXvg=
+			8na6aklL2A7onuXeMTRthbXhwOk=
 			</data>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+			B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 			</data>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			2S/uEecfn7PGXF1xOEahZ/6gJIU=
+			5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 			</data>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash</key>
 			<data>
-			Yuj0qO2vTX/exW9Ak907VCDetgE=
+			Y1fEIggloQI5ervvbjaNV/vKT94=
+			</data>
+			<key>hash2</key>
+			<data>
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
+			</data>
+		</dict>
+		<key>Modules/module.modulemap</key>
+		<dict>
+			<key>hash</key>
+			<data>
+			wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 			</data>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			Iyk3YE2iKlYEZnIdRRtNf4piXHBV2iLaIdaHtxJFxL8=
 			</data>
 		</dict>
 		<key>PrivacyInfo.xcprivacy</key>
diff --git a/support/iphonesimulator/OpenSSL.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/OpenSSL.h
similarity index 94%
rename from support/iphonesimulator/OpenSSL.h
rename to Frameworks/watchsimulator/OpenSSL.framework/Headers/OpenSSL.h
index b52a9966..1e5785b9 100644
--- a/support/iphonesimulator/OpenSSL.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/OpenSSL.h
@@ -1,3 +1,4 @@
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
 // Include before others:
 #include <OpenSSL/ssl.h>
 
@@ -54,6 +55,7 @@
 #include <OpenSSL/dsaerr.h>
 #include <OpenSSL/dtls1.h>
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/ebcdic.h>
 #include <OpenSSL/ec.h>
 #include <OpenSSL/ecdh.h>
@@ -71,6 +73,7 @@
 #include <OpenSSL/fips_names.h>
 #include <OpenSSL/fipskey.h>
 #include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
 #include <OpenSSL/http.h>
 #include <OpenSSL/httperr.h>
 #include <OpenSSL/idea.h>
@@ -103,6 +106,7 @@
 #include <OpenSSL/prov_ssl.h>
 #include <OpenSSL/proverr.h>
 #include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
 #include <OpenSSL/rand.h>
 #include <OpenSSL/randerr.h>
 #include <OpenSSL/rc2.h>
@@ -123,6 +127,7 @@
 #include <OpenSSL/store.h>
 #include <OpenSSL/storeerr.h>
 #include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
 #include <OpenSSL/tls1.h>
 #include <OpenSSL/trace.h>
 #include <OpenSSL/ts.h>
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/asn1.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/asn1.h
index 537cce54..ed442559 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/asn1.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/async.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/async.h
index b1d3f3c5..50877f4f 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/async.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/bio.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/bio.h
index a6b5a123..377fd310 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/bio.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/bioerr.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/bioerr.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/bn.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/bn.h
index a085e224..0db1f2ac 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/bn.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmp.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmp.h
index b6ce7249..342adaef 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmp.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmperr.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmperr.h
index e4f83de0..71fd6353 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmperr.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/cms.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/cms.h
index 08223a53..a69da9af 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/cms.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmserr.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmserr.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/comp.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/comp.h
index fe31acfb..a79df30e 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/comp.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/comperr.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/comperr.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/conf.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/conf.h
index 0d972c0e..581f435d 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/conf.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/configuration.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/configuration.h
index 4f3c8050..2e2e7246 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/configuration.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_watchOS
 #  define OPENSSL_SYS_watchOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/core.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/core.h
index faf76e25..ca784d25 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/core.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/core_dispatch.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/core_dispatch.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/core_names.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/core_names.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/crmf.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/crmf.h
index 2ba1f045..046c5a61 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/crmf.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/crypto.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/crypto.h
index 76489c62..103801de 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/crypto.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ct.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ct.h
index a7a581be..256b394d 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ct.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/dherr.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/dherr.h
index e6855341..faeefcf0 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/dherr.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/dsa.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/dsa.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/e_os2.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/e_os2.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/e_ostime.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ec.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ec.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/err.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/err.h
index e980e5b9..42124abc 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/err.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/evp.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/evp.h
index fb55e4d1..c8290eba 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/evp.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/evperr.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/evperr.h
index bc519f98..f36141af 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/evperr.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/hpke.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/http.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/http.h
index e3f7c8bd..d33cc797 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/http.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/lhash.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/lhash.h
index e49b5057..ea77b654 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/lhash.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/macros.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/macros.h
index 9f9a7abb..fd950888 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/macros.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/obj_mac.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/obj_mac.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/opensslv.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/opensslv.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/pem.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/pem.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs12.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs12.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs12err.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs12err.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs7.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs7.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/prov_ssl.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/prov_ssl.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/proverr.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/proverr.h
index 9502d07f..094b212c 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/proverr.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/provider.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/provider.h
index dc684007..174aaaff 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/provider.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/quic.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/rand.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/rand.h
index 886a174d..fbc3a5cf 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/rand.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/rsa.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/rsa.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/sha.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/sha.h
index 3dce5cd7..967279a7 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/sha.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/srtp.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/srtp.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ssl.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ssl.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ssl3.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ssl3.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/sslerr.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/sslerr.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/store.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/store.h
index a5cbcdd1..ed0b6254 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/store.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/thread.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/tls1.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/tls1.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/trace.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/trace.h
index 3064a013..5d0fd9e6 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/trace.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ts.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ts.h
index 9d669a64..a7302824 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/ts.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/types.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/types.h
index b2281f69..413c20c5 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/types.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509.h
index 88cde83c..9dbb2b97 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509_vfy.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509_vfy.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509err.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509err.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509v3.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509v3.h
index ffe75e56..897f02f1 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509v3.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509v3err.h b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509v3err.h
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Headers/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Info.plist b/Frameworks/watchsimulator/OpenSSL.framework/Info.plist
index 035c2a74..d200789f 100644
Binary files a/Frameworks/watchsimulator/OpenSSL.framework/Info.plist and b/Frameworks/watchsimulator/OpenSSL.framework/Info.plist differ
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/Modules/module.modulemap b/Frameworks/watchsimulator/OpenSSL.framework/Modules/module.modulemap
new file mode 100644
index 00000000..bf0f22fd
--- /dev/null
+++ b/Frameworks/watchsimulator/OpenSSL.framework/Modules/module.modulemap
@@ -0,0 +1,6 @@
+framework module OpenSSL {
+  umbrella header "OpenSSL.h"
+  export *
+
+  module * { export * }
+}
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/OpenSSL b/Frameworks/watchsimulator/OpenSSL.framework/OpenSSL
index 0f2c22e5..60376eab 100755
Binary files a/Frameworks/watchsimulator/OpenSSL.framework/OpenSSL and b/Frameworks/watchsimulator/OpenSSL.framework/OpenSSL differ
diff --git a/Frameworks/watchsimulator/OpenSSL.framework/_CodeSignature/CodeResources b/Frameworks/watchsimulator/OpenSSL.framework/_CodeSignature/CodeResources
index 901cafc8..4459eb91 100644
--- a/Frameworks/watchsimulator/OpenSSL.framework/_CodeSignature/CodeResources
+++ b/Frameworks/watchsimulator/OpenSSL.framework/_CodeSignature/CodeResources
@@ -4,13 +4,17 @@
 <dict>
 	<key>files</key>
 	<dict>
+		<key>Headers/OpenSSL.h</key>
+		<data>
+		hTyoNt1YXSrwwSt+YGpwylnuX1Q=
+		</data>
 		<key>Headers/aes.h</key>
 		<data>
 		8iNjUS1/Omec54Aw8tE1RvZq5cw=
 		</data>
 		<key>Headers/asn1.h</key>
 		<data>
-		z+PsFkgcH1/rIuo3T9MODUoNK24=
+		IKHwL052GZDacEllpSjZOblGmp8=
 		</data>
 		<key>Headers/asn1err.h</key>
 		<data>
@@ -22,7 +26,7 @@
 		</data>
 		<key>Headers/async.h</key>
 		<data>
-		+FaNb0DDHz6Z1bROedXceAi9ZFk=
+		DohqnaMk/qhm6tzJ5xjuQz7oq6c=
 		</data>
 		<key>Headers/asyncerr.h</key>
 		<data>
@@ -30,11 +34,11 @@
 		</data>
 		<key>Headers/bio.h</key>
 		<data>
-		dhAlip0uGrwjivvfzXhz7gIBbL4=
+		jf7KjxIHyE1IXp6H14cZiso92NU=
 		</data>
 		<key>Headers/bioerr.h</key>
 		<data>
-		hLGduZHZSiaWh7890Ft+Dirp0V8=
+		IbiWzoIahXRttNPxiu0IIxtDPTw=
 		</data>
 		<key>Headers/blowfish.h</key>
 		<data>
@@ -42,7 +46,7 @@
 		</data>
 		<key>Headers/bn.h</key>
 		<data>
-		g26HfXHsM2JYQ87SQ8MmFHsuXnM=
+		6PFTH929dRBU8jPAwC+1gfmXlGc=
 		</data>
 		<key>Headers/bnerr.h</key>
 		<data>
@@ -70,7 +74,7 @@
 		</data>
 		<key>Headers/cmp.h</key>
 		<data>
-		KqrxmpLHc7KmCOPMCTqLcOfBd8Q=
+		3hQM8K1+mPoI1sq9JNa1vJ3t5OE=
 		</data>
 		<key>Headers/cmp_util.h</key>
 		<data>
@@ -78,27 +82,27 @@
 		</data>
 		<key>Headers/cmperr.h</key>
 		<data>
-		MAd6LB0eBGnM306fpyRFIKQcmnw=
+		+4BIw5MfBnznjtxha/Zr/iM7Ipc=
 		</data>
 		<key>Headers/cms.h</key>
 		<data>
-		aohtAuDEldlIEw7LDjA5LYFYouQ=
+		8J3HyXxvCfQMYdroObf/TvDcJNM=
 		</data>
 		<key>Headers/cmserr.h</key>
 		<data>
-		9PWAHMeOBWQ2CxTQ5KA3KjXKWiM=
+		eCy5Ncf3eVOm4nwj67Vifi9y6hM=
 		</data>
 		<key>Headers/comp.h</key>
 		<data>
-		cSe/54NKUratn7HXqkgwHAAbU+E=
+		R8EdXFre5Xth1a1xLWy+huW6XA8=
 		</data>
 		<key>Headers/comperr.h</key>
 		<data>
-		na2NDAO6KtNEZeQJryn0rAk8gm0=
+		ffVaVXoIFyUQtghDWdg4YaL3yYA=
 		</data>
 		<key>Headers/conf.h</key>
 		<data>
-		nUukHRjB8Dl5FxMUw81UXmi108o=
+		eoMetSrNK1X+ip6Nv4MhDZFxESE=
 		</data>
 		<key>Headers/conf_api.h</key>
 		<data>
@@ -110,7 +114,7 @@
 		</data>
 		<key>Headers/configuration.h</key>
 		<data>
-		3nBx/DLjXO0mXHHCNM7FsRhdYEA=
+		mp4WLl5nQWdzgpf97VWrQ5tGnbY=
 		</data>
 		<key>Headers/conftypes.h</key>
 		<data>
@@ -118,15 +122,15 @@
 		</data>
 		<key>Headers/core.h</key>
 		<data>
-		DgKxuVMedZnWrYwn3+QZmlvjWZc=
+		mPd5ZnSLQ/3i2hhcXxlsQQiMvbw=
 		</data>
 		<key>Headers/core_dispatch.h</key>
 		<data>
-		zUi9uRmH2QVO4Mxx9idYALHrvAw=
+		OEt2/D0GlXTJj92u50WOnLzBcZw=
 		</data>
 		<key>Headers/core_names.h</key>
 		<data>
-		S8V+aIQDB6zZ3kSWyKkxLWKw2T0=
+		14HBtWbGIKudKLLGnsLvx1qFFAw=
 		</data>
 		<key>Headers/core_object.h</key>
 		<data>
@@ -134,7 +138,7 @@
 		</data>
 		<key>Headers/crmf.h</key>
 		<data>
-		TzEzvoMGWZVYIVXybYVJXpBtPE4=
+		EVr4ozT8OyvEJWh0U6qCk+gFgHQ=
 		</data>
 		<key>Headers/crmferr.h</key>
 		<data>
@@ -142,7 +146,7 @@
 		</data>
 		<key>Headers/crypto.h</key>
 		<data>
-		+cZ/iqyPSjobdtAMfPofJkdC24s=
+		ZRn/J+Qctb9HxTHN/+Yv2mGnn2E=
 		</data>
 		<key>Headers/cryptoerr.h</key>
 		<data>
@@ -154,7 +158,7 @@
 		</data>
 		<key>Headers/ct.h</key>
 		<data>
-		oarc/5DbZaex1uozr5vLGecVUYk=
+		ZuEkUAl87gC0ozc+YHWuxA1BcAo=
 		</data>
 		<key>Headers/cterr.h</key>
 		<data>
@@ -178,11 +182,11 @@
 		</data>
 		<key>Headers/dherr.h</key>
 		<data>
-		QifzkCnry6Rjwjm02D0W2iPpaoU=
+		PowAtdT+ur+5jz/YnAc0EHVVfYY=
 		</data>
 		<key>Headers/dsa.h</key>
 		<data>
-		sz5tTilR8g0xjgAEoMUOAJgIQaY=
+		H/XZCLlkK1HVGKBcS+8CYcoNcCU=
 		</data>
 		<key>Headers/dsaerr.h</key>
 		<data>
@@ -194,7 +198,11 @@
 		</data>
 		<key>Headers/e_os2.h</key>
 		<data>
-		tH/S000xyavHjsqNlVGAMQHtrPM=
+		0jHlkIcyfvsVY8cmXMDrIHdSu6Q=
+		</data>
+		<key>Headers/e_ostime.h</key>
+		<data>
+		Rl/39YfOzRSimoGdKMvxr1d00LM=
 		</data>
 		<key>Headers/ebcdic.h</key>
 		<data>
@@ -202,7 +210,7 @@
 		</data>
 		<key>Headers/ec.h</key>
 		<data>
-		m7p7LakDX6kSXm8j7MWMgSLjumQ=
+		kkZLbejT9KttWpplQJutvdfleJ4=
 		</data>
 		<key>Headers/ecdh.h</key>
 		<data>
@@ -234,7 +242,7 @@
 		</data>
 		<key>Headers/err.h</key>
 		<data>
-		NvspHDi43yz2hiAWCvupOzf/71U=
+		PtVZORM3ByW96U6jpN72xVA5Dlo=
 		</data>
 		<key>Headers/ess.h</key>
 		<data>
@@ -246,11 +254,11 @@
 		</data>
 		<key>Headers/evp.h</key>
 		<data>
-		xfiJMp65BDUi3aXZvvuZrt7L9+0=
+		u8HQdWo73ke46uV//yNBE9jiFec=
 		</data>
 		<key>Headers/evperr.h</key>
 		<data>
-		NRjb8Dk85VMOg0csAOKMpjdNSvU=
+		K88FXrMN/IFeOll/L3T2NG1VAho=
 		</data>
 		<key>Headers/fips_names.h</key>
 		<data>
@@ -264,9 +272,13 @@
 		<data>
 		uQVrvmZbCkOOcbh/aD9DbAIWIk4=
 		</data>
+		<key>Headers/hpke.h</key>
+		<data>
+		C4ovQTTt0OhXALzYIGunYN0Watg=
+		</data>
 		<key>Headers/http.h</key>
 		<data>
-		iNdpr4bT5ifrtYNy2wdayLYIWxg=
+		iqn5HuY54xYRncFTjLQB6CcMbpY=
 		</data>
 		<key>Headers/httperr.h</key>
 		<data>
@@ -286,11 +298,11 @@
 		</data>
 		<key>Headers/lhash.h</key>
 		<data>
-		EMRnX9ax6zLHBXxnmTSiazj/Eag=
+		PgUeXT+TG+vS7+7Zg5kwdmtHF7M=
 		</data>
 		<key>Headers/macros.h</key>
 		<data>
-		Usaoz4ODoAuZGwIWWW73o7Bacc0=
+		2Ofn24hQHHn/ydr7WESDi2Wf0us=
 		</data>
 		<key>Headers/md2.h</key>
 		<data>
@@ -314,7 +326,7 @@
 		</data>
 		<key>Headers/obj_mac.h</key>
 		<data>
-		PKGiophkl+465XsKlaE0RbcWIpY=
+		eTx8IurZN7tVu4hYlw/OjmcTMU4=
 		</data>
 		<key>Headers/objects.h</key>
 		<data>
@@ -338,7 +350,7 @@
 		</data>
 		<key>Headers/opensslv.h</key>
 		<data>
-		mXcJfEZz+aFQawvCfn5r6HkVePE=
+		8DC2PPQEp9NfoIYkZVAYlMKlmU4=
 		</data>
 		<key>Headers/ossl_typ.h</key>
 		<data>
@@ -354,7 +366,7 @@
 		</data>
 		<key>Headers/pem.h</key>
 		<data>
-		biCqnu2V9RsFSKrBa/hF2A7+DLU=
+		kj/Pr2Zmu6ya3ycMeebqN2I3akk=
 		</data>
 		<key>Headers/pem2.h</key>
 		<data>
@@ -366,15 +378,15 @@
 		</data>
 		<key>Headers/pkcs12.h</key>
 		<data>
-		MLVdfoh2kwlsuk9cXYskHRR3mys=
+		/XIt/Y1WcaWvAF+WIoC4gJd2UKI=
 		</data>
 		<key>Headers/pkcs12err.h</key>
 		<data>
-		Gfn2rYsc58gNXbT6civ9+JHTERI=
+		6J06QNUavdqYCKAM/T8R8DaQfgA=
 		</data>
 		<key>Headers/pkcs7.h</key>
 		<data>
-		ZqxUH9dDx5G9bVIa5S5xzCbvcNc=
+		klUHME98kAar+DN4RqP/9F2nqgA=
 		</data>
 		<key>Headers/pkcs7err.h</key>
 		<data>
@@ -382,19 +394,23 @@
 		</data>
 		<key>Headers/prov_ssl.h</key>
 		<data>
-		7rQU10ajXY8qFAuBupPVP4Z38b0=
+		I5abNWBI3Vr60mASKOdgGYGLnjM=
 		</data>
 		<key>Headers/proverr.h</key>
 		<data>
-		8VG4ejym5A/u6fDu9aCR+dR/l+Y=
+		Us8FRSexKB+saV/iHv19bVqv1ys=
 		</data>
 		<key>Headers/provider.h</key>
 		<data>
-		S/AzcddQm464ZXFcs7Vc0qr8H9o=
+		6rAp3g2H8LF8wEcSTgoPPhdjR0M=
+		</data>
+		<key>Headers/quic.h</key>
+		<data>
+		FT7e2yALtA5OrfVSMXVnHbyvNT0=
 		</data>
 		<key>Headers/rand.h</key>
 		<data>
-		RbjbL965PTH5V1c96XeaxDqc1Bs=
+		tX64JzS8iUAcgICZc7CYr10U+O4=
 		</data>
 		<key>Headers/randerr.h</key>
 		<data>
@@ -418,7 +434,7 @@
 		</data>
 		<key>Headers/rsa.h</key>
 		<data>
-		wE0ZrcbDn0Lj17IldaMBY+MmfCc=
+		1EY7bmtrVpVud/Mn/jU3zE/hwAY=
 		</data>
 		<key>Headers/rsaerr.h</key>
 		<data>
@@ -438,7 +454,7 @@
 		</data>
 		<key>Headers/sha.h</key>
 		<data>
-		gcmpedtIM496QlQ+WPQ3JLu6Gg4=
+		XcFWDwuK98Aus3ZzcwwM7z/AuWk=
 		</data>
 		<key>Headers/shim.h</key>
 		<data>
@@ -450,11 +466,11 @@
 		</data>
 		<key>Headers/srtp.h</key>
 		<data>
-		2b2tiC8XCVdB2+/0bFP8hDCNdHc=
+		Iaw7xP08O8k2eK2mzxyXuFoN8rw=
 		</data>
 		<key>Headers/ssl.h</key>
 		<data>
-		H6fBRX9V6tBvFg31BQ4llKH6iuU=
+		oyeWTq8IGSgBXlBoTSd/wpy5Og4=
 		</data>
 		<key>Headers/ssl2.h</key>
 		<data>
@@ -462,11 +478,11 @@
 		</data>
 		<key>Headers/ssl3.h</key>
 		<data>
-		yxNJQ0d+ggJRRVVvlFCq8aPR1hw=
+		quf8wL7iI1ZFJ2yNg0FJuyQmrq0=
 		</data>
 		<key>Headers/sslerr.h</key>
 		<data>
-		yK43KOTkyrnZSQyDc5YAogavqJ8=
+		/eBMsgFyNFsW6ny0bkuBwgLrV74=
 		</data>
 		<key>Headers/sslerr_legacy.h</key>
 		<data>
@@ -478,7 +494,7 @@
 		</data>
 		<key>Headers/store.h</key>
 		<data>
-		fegXSOFHdhd4iLv0QwfUKFQDdcA=
+		cPiZZOMqKSIDKhg+Wb4cXRa6m+g=
 		</data>
 		<key>Headers/storeerr.h</key>
 		<data>
@@ -488,17 +504,21 @@
 		<data>
 		BKVlRxih7g+A/2BreAiCtO2Tco0=
 		</data>
+		<key>Headers/thread.h</key>
+		<data>
+		I1hNXzQNowl99hyAsBTCu2VmjRQ=
+		</data>
 		<key>Headers/tls1.h</key>
 		<data>
-		X9R0FXKYZoqq6+rpqOicBgmUbY8=
+		2RPzwNlBNfKrQ1WyFD68eMEc//o=
 		</data>
 		<key>Headers/trace.h</key>
 		<data>
-		piBR67GOuHdxC49rFxlGIf167T8=
+		fLX9FULaG2zjQ9KORHF12sHsL4U=
 		</data>
 		<key>Headers/ts.h</key>
 		<data>
-		PvBLnP6OxB2m9yPm7iof8juEBnY=
+		18spUTy4DzuZorIB4Lp830dOb24=
 		</data>
 		<key>Headers/tserr.h</key>
 		<data>
@@ -510,7 +530,7 @@
 		</data>
 		<key>Headers/types.h</key>
 		<data>
-		9FnIjEDd7Ga455uw7oTWdFsJurk=
+		edL/ICzzvHqFHJKhxWjK1eeWzDA=
 		</data>
 		<key>Headers/ui.h</key>
 		<data>
@@ -526,27 +546,31 @@
 		</data>
 		<key>Headers/x509.h</key>
 		<data>
-		vJtB2zbWM/8QFPtQ7AmTdJ7fJgs=
+		kRkTo7TTjRSRFn5qHP7JWVivHX0=
 		</data>
 		<key>Headers/x509_vfy.h</key>
 		<data>
-		2N5BSz89lt/srKzCqnlOodJKXvg=
+		8na6aklL2A7onuXeMTRthbXhwOk=
 		</data>
 		<key>Headers/x509err.h</key>
 		<data>
-		2ebXZ+A3CzBb10VuyEiU4W4hf8k=
+		B7Kjr8BSJE4SUNrUwR3N/oZsRtw=
 		</data>
 		<key>Headers/x509v3.h</key>
 		<data>
-		2S/uEecfn7PGXF1xOEahZ/6gJIU=
+		5IRaO/sKxYx7LnYUHFkZGt2RP/E=
 		</data>
 		<key>Headers/x509v3err.h</key>
 		<data>
-		Yuj0qO2vTX/exW9Ak907VCDetgE=
+		Y1fEIggloQI5ervvbjaNV/vKT94=
 		</data>
 		<key>Info.plist</key>
 		<data>
-		MCXGB7p+FnvUqa7zRPwwvFkL2Cs=
+		HLzm/NeSNfFVhCsA8UzYIsaUqHM=
+		</data>
+		<key>Modules/module.modulemap</key>
+		<data>
+		wSMjVnQJnXCQkrl0p+m5ijRHe3c=
 		</data>
 		<key>PrivacyInfo.xcprivacy</key>
 		<data>
@@ -555,6 +579,13 @@
 	</dict>
 	<key>files2</key>
 	<dict>
+		<key>Headers/OpenSSL.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			MEtxoenK0/ciC8njG1m91zM1Zj/bzoksWvT0CcBqFXU=
+			</data>
+		</dict>
 		<key>Headers/aes.h</key>
 		<dict>
 			<key>hash2</key>
@@ -566,7 +597,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			shh9aAbruUEomkIbMyGmzZLm96Cgs4FmqS3jqnHV6Ww=
+			KeFI7XE72sPwv+tIvKcXjLuZSYqbMrCX9j7WuitpAlg=
 			</data>
 		</dict>
 		<key>Headers/asn1err.h</key>
@@ -587,7 +618,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			eFRMU6v5uIBJPcfgVI+Gi8nH9f/NYBkEgslCE9a40XQ=
+			3p+kTQvKr1RaqzBe2jnqU3Bnu2VD529WO1BFYv/EPoI=
 			</data>
 		</dict>
 		<key>Headers/asyncerr.h</key>
@@ -601,14 +632,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			4r87+8Un7mn7ex8yHqY+0fnESADWbzuJzpjQCa7+f8k=
+			UghErHYW+0e26vpZ8A6M15d+wM1L6vitWGaO52tS3LU=
 			</data>
 		</dict>
 		<key>Headers/bioerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			EsK/MweARB5m6Q5nq8hsjL3aWyG+v6L3Qqo+xiJqXc0=
+			ahYDXCtCpBfhJW0+sKvJ4p+4XbsgqQqeuC4pKu8emK0=
 			</data>
 		</dict>
 		<key>Headers/blowfish.h</key>
@@ -622,7 +653,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			JqQiwwhNxIZq5vv/oHIvCJHd8Z7RXmv3vodYJQxv8YQ=
+			n65hMgoGeEOVdZSUCC+5FHvxLm9PRXJA8RrhHIX/jW0=
 			</data>
 		</dict>
 		<key>Headers/bnerr.h</key>
@@ -671,7 +702,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			q0vvDq28Ja3vZr0mhnI2HeSJiGmLu/HqCJ8JDdr2RgY=
+			2CJ2luMqLO3PwnQg6ZGa66TuLoxHb/ItalzbI+m200o=
 			</data>
 		</dict>
 		<key>Headers/cmp_util.h</key>
@@ -685,42 +716,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YWrD2v+hsWiHdW/Zu4m8qwLVFkbMygbXrpCYDH+05Os=
+			y0wIldwrV+MikpCTtCzbxTxw8qt+0NKfZiZTlKTQZmw=
 			</data>
 		</dict>
 		<key>Headers/cms.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dAb4YkFRBCiPZ16/CnlSU9DRYDx3pRwZRJS0hrMMmnI=
+			UPCKYthav5BLMNc199u/GPvFPQ2x2eVspE26pCosFb0=
 			</data>
 		</dict>
 		<key>Headers/cmserr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			Cd910K/W2zzd7MQZY+jt+tjb2M/2wH4sT/3l87ZQ1EU=
+			hAK97HRqyPcxII1YBUeUONboTuuon5/DvD9PlwB+8p8=
 			</data>
 		</dict>
 		<key>Headers/comp.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			OcFOEsZndKVhfuesQ8wvJ5XiHr3IQ5RsoTQ3DNf7cro=
+			t33C7S0axe7WFlV6m+soOL1+hnGmYLuI5lwzfz5ZFZc=
 			</data>
 		</dict>
 		<key>Headers/comperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			S/5616kjwDFWPbpTtACej94nZvHwsGQc4WOQxbZZ9HU=
+			OLkFpTEyBEFV7o6zEGxDevSZ1kXLbNpjyhVy/9ItXm8=
 			</data>
 		</dict>
 		<key>Headers/conf.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			tahVGvgc1ka2gSvxu8lopcBQPsSIlZCeqM0Vna0qP+g=
+			qSBdcYYyXPkWJHt2hAkBtdCI6WF3w6b3pK5Lnhy4qJA=
 			</data>
 		</dict>
 		<key>Headers/conf_api.h</key>
@@ -741,7 +772,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XHE/sHTtmA7yQDLLCfm0eNpxZ3l/Yo4xTAvb4c7ooV4=
+			IpHQkJF4VaqWvnjuBwDTpgPit005UE7TD1zcMBHXGV0=
 			</data>
 		</dict>
 		<key>Headers/conftypes.h</key>
@@ -755,21 +786,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KkQ/oUk3u2BGQw4XUd5GjJd54V6+XSq9UEbWX1XTLNc=
+			0Ida/Fs06Kp4j+845Dyt70ZClodYgUGM0U1mf0yuVMc=
 			</data>
 		</dict>
 		<key>Headers/core_dispatch.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			F61p2+xD/4Alrb0VDoRuyRk1LAFkrWtW3G1jKklsRKw=
+			bqxsbb8kIjJRLTSEiReczoXgM8AmmZhmuh5EYdSyG8E=
 			</data>
 		</dict>
 		<key>Headers/core_names.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			FOH+hNIzd5OayM9I499Mh0Obu2Ji9DTwlHgb8E6dtBA=
+			HELvq06+G42d2nagLGBmpn2olPiLOFv5imU6+kbDotY=
 			</data>
 		</dict>
 		<key>Headers/core_object.h</key>
@@ -783,7 +814,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			buVxXXChiPxBdtfiBAvzhdFu/frMAz9UMzNmGnqDJmI=
+			TzgsLcMLGxMou7rUca4Wy+w9yUmk7d7p4hlTT02Apqw=
 			</data>
 		</dict>
 		<key>Headers/crmferr.h</key>
@@ -797,7 +828,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			tnaNMWzcFZXu3GYRFGe0ZPtVIukLRJVZbVRjtmkFJjo=
+			9wfDrFD7DhaC82dhecztvao2E71xPz9lf9bY4PecroQ=
 			</data>
 		</dict>
 		<key>Headers/cryptoerr.h</key>
@@ -818,7 +849,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			h+FEevToOo69+FfkwPyFSHXJSmPA3S5E7oisLEZ8C2k=
+			7Qm+qAXk/YTfd5iDdrjE+wZpces3OtmHhaw8l8UsxTs=
 			</data>
 		</dict>
 		<key>Headers/cterr.h</key>
@@ -860,14 +891,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			qmAlWlIThWxywBh5zo8Nf7I/LaVHShheiz3J6rQhsMM=
+			6llNgKcAt/NmYxVJ6TjB31JYo0lMKWqw27fkKlObFfk=
 			</data>
 		</dict>
 		<key>Headers/dsa.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kG32Yco/gyahqPkEdtB67dJvp261VKApXlR5e8N+IxY=
+			8t26gCQTkAuqUPwbVBWJvJPoRzBkakeF3u06MEAl/5Q=
 			</data>
 		</dict>
 		<key>Headers/dsaerr.h</key>
@@ -888,7 +919,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Q5TVqAW9hjFvyHKd2Bwq19vnjcILJIOnBxnkVMtoxzI=
+			RQKUugt4zz3v/+C10g41JI8IPu0GkmRDrkbUb7PqJWI=
+			</data>
+		</dict>
+		<key>Headers/e_ostime.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Q6I6lPVqdQs+zY6RX0r0lC2L88m4E1eqw/lfzVY1Lrg=
 			</data>
 		</dict>
 		<key>Headers/ebcdic.h</key>
@@ -902,7 +940,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y+hWYNUlwQ6qtXCGSL/bti9RxnkzUdL7FqDIzWDRNrE=
+			mJX8V9DEx/jAumAMtZ/U8kMXX1TX9nbfd5DdaN5uJOM=
 			</data>
 		</dict>
 		<key>Headers/ecdh.h</key>
@@ -958,7 +996,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			KtW7g1dgWKWVF+EEKLcjj3lj7EC7NOx7WUh0i2shdpA=
+			OtC2kONUwoUIukUDUzK/VgXWtzJA6mtPYYrXe6Jgmkw=
 			</data>
 		</dict>
 		<key>Headers/ess.h</key>
@@ -979,14 +1017,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			RNLwSx5MNzfH0ejqFXfUGpphkSuqff35suWkWFMgd7I=
+			pcZ7SZve6yJx+g54liiQLaNZWKc9OaGjam7DBVALzTo=
 			</data>
 		</dict>
 		<key>Headers/evperr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			euxarWrfcccSI6ePW0tMwCdc/0Ov1AymmAlBmNyLQwg=
+			00qdj68t1nuriDaJ8NxEksN4aazW2O+QW5+u1toVO+U=
 			</data>
 		</dict>
 		<key>Headers/fips_names.h</key>
@@ -1010,11 +1048,18 @@
 			NytpSae6/m3bmPIuzrXU+VbinKW7Ln9B9iNFTL9ICkQ=
 			</data>
 		</dict>
+		<key>Headers/hpke.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			1AuWJMq0cOr2d8CoejccY6gWVJ8jcdPhfVrGQ639yCk=
+			</data>
+		</dict>
 		<key>Headers/http.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			91l/mw0fZnDeyiNtNHjRxaSnkT7UVM8yTYSD4F6Ya1w=
+			6gY6xX3VRsijDfDPVaXWpkMuYE5/FDGmx8RMlWoVyrA=
 			</data>
 		</dict>
 		<key>Headers/httperr.h</key>
@@ -1049,14 +1094,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XSTKiQZQ73chGmvuj48h5ugfvQXVbQxp1WVHqz4kWkA=
+			F2f4RxI9RmbLe5nXWa0/5D4erEFG7nEjltJJrRYgyjo=
 			</data>
 		</dict>
 		<key>Headers/macros.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			gDVnN/wbvPj6oEfGlSX8zXdWT4a9OxvV5GCdGyNwhPI=
+			hltqy+TBNqyCuYew4uQ2f8aHEvk64M21ZLs0vyhcZyE=
 			</data>
 		</dict>
 		<key>Headers/md2.h</key>
@@ -1098,7 +1143,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			wdMfMqPbyd6h2xDzIrS0aiTD1EEf5UYw31n6RvwrWDo=
+			waWImVMklfmf08QW1xgZF5Zjpm++Jy9ku5CrBX+g5VA=
 			</data>
 		</dict>
 		<key>Headers/objects.h</key>
@@ -1140,7 +1185,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YFed6P1zRimGXTIi2FRHsc1/mdyxYTCZ18xlzll2Li0=
+			Qq2srRiduNulAmYB7zq68KxM32jsk2pG5P+nKjK2OzA=
 			</data>
 		</dict>
 		<key>Headers/ossl_typ.h</key>
@@ -1168,7 +1213,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DN+6pNwsFyyBgs98+7jbCgNJfvwt/rJeCg2WLTDTNYg=
+			uBCibbSDJ7GunXW1j343fDj3yJRQ3AddpGsPLre8Hss=
 			</data>
 		</dict>
 		<key>Headers/pem2.h</key>
@@ -1189,21 +1234,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			ZYehOPA0MbJhMvsUlBAI0aK9FhMMZpt4//yPydRuYOE=
+			WGbbKAmW8z04saKy/zx47Nstn3PavT+aOce5k9xIs54=
 			</data>
 		</dict>
 		<key>Headers/pkcs12err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			kRJg9g407xHQuASaFDItEQBNpdgTyVawn0oujWPaNfw=
+			vPiMClfcZesQJnXjGRL4Ujp5TpsyXld2pjvji+dXfa4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			mBw6EbUTC/uqy8CJWYp1uM5ZaF2X8c0J3a83+6NNJqY=
+			CarN2EEspNpsc09r+tlmsQJxBfrw30RRvfID5lp66l4=
 			</data>
 		</dict>
 		<key>Headers/pkcs7err.h</key>
@@ -1217,28 +1262,35 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			H1wSHALTH2lb/3CDluBRIob6BN7mfxKriVwMVYujPyA=
+			Md7X+ATzQcAcLzBRh9HPdtrr5EJqHGtNKrwrEtbi0JA=
 			</data>
 		</dict>
 		<key>Headers/proverr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			XKrkn3a3nHlxs5NAaIQVcm1rO3HC/CZMXHsXlTxCu0k=
+			bRvMqO36HqsjEvFJ/ndG4GcCf8dz7nPadhLZmlTpHEY=
 			</data>
 		</dict>
 		<key>Headers/provider.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			2LtUDo3L9kFSznENH3sb4tl0LaLB+i5RFfg+8tGnI/s=
+			EEuaobDoUsMJwKdCLprIzwe07tvrWnLQ4MBMUUB9ptU=
+			</data>
+		</dict>
+		<key>Headers/quic.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			H1ZKGkL90zXDNitZ4DTwoubpZx7Bcnw9Zm/FuND0f8k=
 			</data>
 		</dict>
 		<key>Headers/rand.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			KBX/CAJuhdpnexbZoz0vnRBfj/pMlsN4/QkdZxLei7w=
+			/RSDdalOfya/HZNMquQ0Evibg8Y5PwmUBJBAzs6nz84=
 			</data>
 		</dict>
 		<key>Headers/randerr.h</key>
@@ -1280,7 +1332,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			x1JKV2eMgJJx/pqjpNl/SoQLsJ9H/sI4kXRfgAt2o2E=
+			DqCcurIcln50Mz6+Ua9BjwGk2vqMkJvFKIDl0OGbsyQ=
 			</data>
 		</dict>
 		<key>Headers/rsaerr.h</key>
@@ -1315,7 +1367,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			YnSBfD21ebr+38Khr097Y2gg94ubAv9LoGBl0ozSgsU=
+			dC52UGO80Kww19nTHN3bGqHdTj+ZiVWBhb68CP8gB2k=
 			</data>
 		</dict>
 		<key>Headers/shim.h</key>
@@ -1336,14 +1388,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XOTc5PVWfdfxbZMJr3YXUJueXXsZTZS00ccOd4FuAXs=
+			CB9jzb2ylDu+lAcdX0jhVgPVDNWA5f5gPnmTn2rWax4=
 			</data>
 		</dict>
 		<key>Headers/ssl.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			NuHztvzgR2gGIQLwS3NBtu3JbUSgLWVijF6Es3oxpzQ=
+			WXSPtaTG3LWWKmUossQktztKYatlNzLIXsQHMX5UyAI=
 			</data>
 		</dict>
 		<key>Headers/ssl2.h</key>
@@ -1357,14 +1409,14 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			Nhv0r++C7npGte00T6u2uq20Xh3Fze8Wp4vxh6oRCss=
+			dxniStXBtgob+9SH5dhZI9E9qjPWf1cZjT43N6AJVgo=
 			</data>
 		</dict>
 		<key>Headers/sslerr.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iZ93plHgLFnyrZZZokUDOJT625SkPjqUmmHj+XBCoVY=
+			5N6b5J1x19nRahdCyVy23rl9iDkTxUg2n7yY/u6Atz0=
 			</data>
 		</dict>
 		<key>Headers/sslerr_legacy.h</key>
@@ -1385,7 +1437,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			y3+nQn6RFGPkWD3eK+PPKsxiNF0n7HIOW0CLvmTE1xo=
+			dH7Jojesfusd3CLOE0YuJFue2SOAujQtr0pslBa7UL8=
 			</data>
 		</dict>
 		<key>Headers/storeerr.h</key>
@@ -1402,25 +1454,32 @@
 			rfM3kcLO7FQN3+IYkZ0jHtIlR0k5K81FiY4BN71zCZY=
 			</data>
 		</dict>
+		<key>Headers/thread.h</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			x1Tx7zNdbopcb4kLDZQiofML1j0aRRE9/1HR2OYmjXA=
+			</data>
+		</dict>
 		<key>Headers/tls1.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			VhROLr9hH7d5oLqtnqMjOwWg+JDMJRMSxIeI7vFmKng=
+			uFgSgYdZuPmMyr9QTkx4NYCyXGdif7Hz16NPqHW8nEA=
 			</data>
 		</dict>
 		<key>Headers/trace.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			luqjfWRIu3Afm26nIIAY0YoTrGXcZpmpZwmc0h4chRs=
+			7FfkhokZ1Qltj6m6Dz0k9q9G7ZIf9TssxcRbZFrR5gw=
 			</data>
 		</dict>
 		<key>Headers/ts.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			+P/0c6+qDqxV8gUOa6kxoE0HJwDKpUxiW/DY15pb/hE=
+			OXTvfYqOe8Sz2KOTKuY5rKOYEGol8XjlZ+o5cAlAln0=
 			</data>
 		</dict>
 		<key>Headers/tserr.h</key>
@@ -1441,7 +1500,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			+7mTptklrOO5aVcijbBYhTh0pOqsfzOug/P33Zy7nzk=
+			a78ynjIl+kcRS9HpaK7Ps9jxpZ+U7aKS+hEM8HA6g24=
 			</data>
 		</dict>
 		<key>Headers/ui.h</key>
@@ -1469,35 +1528,42 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			M2Fcolp4wiZdlqd4cBDSOE4gCCkVXAwHl5ee0onLCb0=
+			SKmMFPua9yRvLHpO/GdBXX30v4/k9sl/OWA6qLYq57w=
 			</data>
 		</dict>
 		<key>Headers/x509_vfy.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			PeGt+IVt8i2ujK8bgvw+S15+jPYz/VplNTI/w0S9EFE=
+			TDUYtTBN2AsRGiamZQ7R/kcg8jZe/p+yiUC37ePuH+c=
 			</data>
 		</dict>
 		<key>Headers/x509err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			bLjU+Mty+G4WZPksYrccKWah3HCUV+1YMewbnwqOUqs=
+			AxNb4ppxudVLnIz4T8JRJNZvyfzrZ7NPRuyzOa86GVE=
 			</data>
 		</dict>
 		<key>Headers/x509v3.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			dvrLJzvTwcujJDV2LIm1pgYent920E/14cos/V3pjhs=
+			Rokga22w41QgLX0G/f1MB1kysjhZ+4iA27QZ/RZtaLw=
 			</data>
 		</dict>
 		<key>Headers/x509v3err.h</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			z4SM4u1xTutU4Rv2xvXTShGsFH4OcJqHTfpepHbKnQQ=
+			gsut9IsKOvATu7O9MUNz1N1Eka49KlZhHDPLWKODSJs=
+			</data>
+		</dict>
+		<key>Modules/module.modulemap</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			Iyk3YE2iKlYEZnIdRRtNf4piXHBV2iLaIdaHtxJFxL8=
 			</data>
 		</dict>
 		<key>PrivacyInfo.xcprivacy</key>
diff --git a/Makefile b/Makefile
index a29e3821..de747d36 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@
 
 .EXPORT_ALL_VARIABLES:
 
-OPENSSL_VERSION=3.1.6
+OPENSSL_VERSION=3.2.2
 IPHONEOS_DEPLOYMENT_VERSION=12.0
 MACOSX_DEPLOYMENT_TARGET=10.15
 XROS_DEPLOYMENT_VERSION=1.0
diff --git a/OpenSSL-Universal.podspec b/OpenSSL-Universal.podspec
index a03b385b..eb00c43a 100644
--- a/OpenSSL-Universal.podspec
+++ b/OpenSSL-Universal.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "OpenSSL-Universal"
-  s.version      = "3.1.6000" # 3.1.6
+  s.version      = "3.2.2000" # 3.2.2
   s.summary      = "OpenSSL for iOS, macOS, tvOS, visionOS, watchOS"
   s.description  = "OpenSSL is an SSL/TLS and Crypto toolkit. Deprecated in macOS and gone in iOS, this spec gives your project non-deprecated OpenSSL support. Supports macOS, iOS, tvOS, visionOS, watchOS including Simulator (armv7s, arm64, x86_64)."
   s.homepage     = "https://github.com/krzyzanowskim/OpenSSL"
diff --git a/OpenSSL.json b/OpenSSL.json
index 5ff39e85..f3644986 100644
--- a/OpenSSL.json
+++ b/OpenSSL.json
@@ -1,4 +1,5 @@
 {
+  "3.2.2000": "https://github.com/krzyzanowskim/OpenSSL/releases/download/3.2.2000/OpenSSL.xcframework.zip",
   "3.1.6000": "https://github.com/krzyzanowskim/OpenSSL/releases/download/3.1.6000/OpenSSL.xcframework.zip",
   "3.1.5007": "https://github.com/krzyzanowskim/OpenSSL/releases/download/3.1.5007/OpenSSL.xcframework.zip",
   "3.1.5006": "https://github.com/krzyzanowskim/OpenSSL/releases/download/3.1.5006/OpenSSL.xcframework.zip",
diff --git a/OpenSSL.xcodeproj/project.pbxproj b/OpenSSL.xcodeproj/project.pbxproj
index 718982f7..f156ee50 100644
--- a/OpenSSL.xcodeproj/project.pbxproj
+++ b/OpenSSL.xcodeproj/project.pbxproj
@@ -39,6 +39,7 @@
 		0529A77980B80CED295E06B6 /* md5.h in Headers */ = {isa = PBXBuildFile; fileRef = 889FEE740D475A29B5A5EFEA /* md5.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		0532B776C879B8A8CAC86108 /* buffer.h in Headers */ = {isa = PBXBuildFile; fileRef = 12AE096467593600A2A58F12 /* buffer.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		0539071C2137168548EDDEE9 /* storeerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 2EBB31F43626D400ABB81678 /* storeerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		05674F77B2BE4EF03AC455F3 /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = FFBAC2B9F5D60CD567CCE46E /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		05CC5E0303BF93595F761EEC /* core_object.h in Headers */ = {isa = PBXBuildFile; fileRef = CCEDB94B5892AEC391F269AC /* core_object.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		05D44D1CABF8EE6A37290F2D /* encodererr.h in Headers */ = {isa = PBXBuildFile; fileRef = 10B07F70C9D2F7EADFF49A03 /* encodererr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		05DE3FDB661D4E292028836F /* decodererr.h in Headers */ = {isa = PBXBuildFile; fileRef = C94F1C3C08633E562963C4AC /* decodererr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -59,6 +60,7 @@
 		088E9599A95B1622233BFC4E /* rsaerr.h in Headers */ = {isa = PBXBuildFile; fileRef = AE372801749157D9E65F91D6 /* rsaerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		08C2C55400BEF8CD505DA76A /* ocsp.h in Headers */ = {isa = PBXBuildFile; fileRef = 8685B8E11B14A4F9406CFFA2 /* ocsp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		08C594473752F7145B69E339 /* engineerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 05220FAAAA618976E936614C /* engineerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		08C61BEC38F5BD57A4B1B11A /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = CAB86FBBB1E9619FAA04A807 /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		090035130CA11F493F5436CC /* md4.h in Headers */ = {isa = PBXBuildFile; fileRef = BF1FB8C7F52F8FE992727E7A /* md4.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		0917E83AC5C6FF1BCDFDD457 /* types.h in Headers */ = {isa = PBXBuildFile; fileRef = A2863B76C08DA9AA9E20C3B4 /* types.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		0920F1B11AF4A21A74C353F2 /* cmserr.h in Headers */ = {isa = PBXBuildFile; fileRef = 02050FF75BDC856C95EE8401 /* cmserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -75,6 +77,7 @@
 		0B3A18E0A2218CD6EB85C562 /* decoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 31628F38589C9B9D66C2D323 /* decoder.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		0B53C646CD6ED141BBCD4119 /* ebcdic.h in Headers */ = {isa = PBXBuildFile; fileRef = 6C38CA2BD48DDF1682EC9708 /* ebcdic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		0B779EBF4B786B85073BA7A6 /* kdf.h in Headers */ = {isa = PBXBuildFile; fileRef = F230877E609908D840F2CD6D /* kdf.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		0B8172CDC0B3BCC66567B4CC /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = 5705B5156AB691810ABB5409 /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		0BA5D526CB2F26B3B2DA334D /* ossl_typ.h in Headers */ = {isa = PBXBuildFile; fileRef = 7D9DEB156FCFE063B8B239C4 /* ossl_typ.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		0BB7298554FE16FEEB2AA62C /* ecerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 8E00EF4066D20DE6E95B9A63 /* ecerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		0C002817AA83A7ADA400C6FA /* kdf.h in Headers */ = {isa = PBXBuildFile; fileRef = 0CC12419608166AC3484A283 /* kdf.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -121,6 +124,7 @@
 		12DE44662A1BD48F39536118 /* kdferr.h in Headers */ = {isa = PBXBuildFile; fileRef = EFFB437671A04184E3AF91A1 /* kdferr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		131E8A8F108273B16C13AFE0 /* obj_mac.h in Headers */ = {isa = PBXBuildFile; fileRef = B189FBF763E8B4BAC364BFDD /* obj_mac.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		13527AF941EAFCEF7A4CC5B3 /* pkcs7.h in Headers */ = {isa = PBXBuildFile; fileRef = 34FCB9E1893F1DDEBECCE908 /* pkcs7.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		13BE84B720FD154B219FBEB3 /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = 3ABB10DC5797C78C86EAAF96 /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		13E9C9CF9D4A630FB421A88D /* rc4.h in Headers */ = {isa = PBXBuildFile; fileRef = 7282D5CE854449D4123EE759 /* rc4.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		140C6F4B20F4F6C649CF502F /* shim.h in Headers */ = {isa = PBXBuildFile; fileRef = B2CBB10A62B3E6C646A4BDDD /* shim.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		141F23C1E6F044A4F09566CA /* rsaerr.h in Headers */ = {isa = PBXBuildFile; fileRef = F6B6DB57AC0C1DC16B0B88B0 /* rsaerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -146,6 +150,7 @@
 		177EA6607C3DC33A9F16D056 /* cmac.h in Headers */ = {isa = PBXBuildFile; fileRef = 5D8A5DB5C48DDA80756917B3 /* cmac.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		17838E8464ACFF443E3F9C4E /* ebcdic.h in Headers */ = {isa = PBXBuildFile; fileRef = A2A5D7F08C1A88A19AD65509 /* ebcdic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		1798A832CF8E3EFC420E97C4 /* pkcs7.h in Headers */ = {isa = PBXBuildFile; fileRef = 49387CC6B6BC55F06BBCDAD5 /* pkcs7.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		17F605C63683B601CA60CBBB /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		1867979361DB105B20E801D1 /* rc2.h in Headers */ = {isa = PBXBuildFile; fileRef = B4A6F2CE7D5EBAA9220400C6 /* rc2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		18AA5FE263DF2AD6F0B13C43 /* httperr.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E069D672281873AE1569E4E /* httperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		18B061CDCC373FB1939C57B9 /* decodererr.h in Headers */ = {isa = PBXBuildFile; fileRef = D58FD184DBD71DF9E1C1C37C /* decodererr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -219,7 +224,6 @@
 		25023314F77887AB7A015A18 /* dsaerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 7322220487D70D488A719C8D /* dsaerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2506E756002341EA5EA43175 /* cmp_util.h in Headers */ = {isa = PBXBuildFile; fileRef = 8BC7AC969A7D255A1BB661BB /* cmp_util.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		251F87867CC2DF01FED32DD2 /* ocsperr.h in Headers */ = {isa = PBXBuildFile; fileRef = 9B1BC8B4A202160A9E785977 /* ocsperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
-		254362AC6624D0322CDAD913 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 9C5825B655693C39829EC716 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		25525137BC9323C5C1D23B2E /* encodererr.h in Headers */ = {isa = PBXBuildFile; fileRef = 6C67EDD2BF7BE842A3174EF9 /* encodererr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		255777AFFC0BAD76FF17FB65 /* modes.h in Headers */ = {isa = PBXBuildFile; fileRef = 4FF9861665F9C20AE246D611 /* modes.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		256B453D26AA453FCEDC9A45 /* bnerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 405168850DFDDA9306520D4A /* bnerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -240,6 +244,7 @@
 		2818AC174C8519E2F6FDE992 /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = CD20DE50707AD73FB57BFCD5 /* PrivacyInfo.xcprivacy */; };
 		282FF27274A09F52597E2BB3 /* ecdsa.h in Headers */ = {isa = PBXBuildFile; fileRef = 41E65F106D8820D872BCACF5 /* ecdsa.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2858D6EA33A45556FFC0AF1B /* types.h in Headers */ = {isa = PBXBuildFile; fileRef = A3B95E24D0DCC5DC39F53E2E /* types.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		28C7546BE270499688207511 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		28F0D097A84D310F542951E5 /* whrlpool.h in Headers */ = {isa = PBXBuildFile; fileRef = 3D8A7E62C0CF2AF3417C8135 /* whrlpool.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		298645C60A120E1614060A12 /* conf.h in Headers */ = {isa = PBXBuildFile; fileRef = CEB01FE701AC2DEEC40CFA38 /* conf.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2995A6E0BBA2FEC475C76366 /* shim.h in Headers */ = {isa = PBXBuildFile; fileRef = BB91AC448BA95839FAB7BE04 /* shim.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -260,6 +265,7 @@
 		2B2B103EAB6873AD0802E357 /* safestack.h in Headers */ = {isa = PBXBuildFile; fileRef = AC6510E0B386EA5DCAD16467 /* safestack.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2B4179D106903F0F0F1F609F /* ecdsa.h in Headers */ = {isa = PBXBuildFile; fileRef = 15A17201797FA65B6B54745C /* ecdsa.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2B75E899C9639924E8EEA5F3 /* safestack.h in Headers */ = {isa = PBXBuildFile; fileRef = 1B4E41C556F268F4688C47E9 /* safestack.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		2B8D988A8C1076568EBBC174 /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = 1FFF43C3AED633E4211DEB32 /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2BD965E709DADBD25FCE36D2 /* self_test.h in Headers */ = {isa = PBXBuildFile; fileRef = 5395FDAC6F0D14F66B106A0F /* self_test.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2BEEBBD3761EFC21F9800B84 /* cast.h in Headers */ = {isa = PBXBuildFile; fileRef = F80A82C83964DB5BC5959B7A /* cast.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2C04E814072BC90BDBC6EF01 /* objects.h in Headers */ = {isa = PBXBuildFile; fileRef = 71BFF4B848F34A417EE546A1 /* objects.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -279,11 +285,11 @@
 		2DD590D8F9A18C1EE3729BE3 /* bn.h in Headers */ = {isa = PBXBuildFile; fileRef = 87B752FA99598AF6FBC1A461 /* bn.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2E66855855532BB0932B07EF /* sslerr_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = F0F944590D78E0AC6C64DC44 /* sslerr_legacy.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2EC7DD57984FC4C4CDAD9BEA /* pemerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 590AC29F544D18854C1A75F3 /* pemerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		2F100F8ECF8841CF2D363CE8 /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = C03FEB21CDD64CBC73DBDE8C /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2F158A54A2F4E3A73C391536 /* ocsperr.h in Headers */ = {isa = PBXBuildFile; fileRef = 0EE844F382CBB393175DD6B9 /* ocsperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2F1BD9FF3C65172A55F0D374 /* pem2.h in Headers */ = {isa = PBXBuildFile; fileRef = CE5978F8628CFD532C53FFC7 /* pem2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2F9701B7854EE8BBFE38A87A /* x509v3err.h in Headers */ = {isa = PBXBuildFile; fileRef = 4F28F2471F2183D623E8399B /* x509v3err.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2F9DF38793FE30D5D13869EF /* prov_ssl.h in Headers */ = {isa = PBXBuildFile; fileRef = 7C637762426D432BFE7CA04E /* prov_ssl.h */; settings = {ATTRIBUTES = (Public, ); }; };
-		2FF4BD34D1890DF65714BCB4 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 3D1E4EDFFB8A21D8C21AF1AB /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2FFAB6E348B65953E8530699 /* cterr.h in Headers */ = {isa = PBXBuildFile; fileRef = F01A75359DA57A503702F209 /* cterr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		2FFEC3F5B41C8C5047F1C6FF /* asn1err.h in Headers */ = {isa = PBXBuildFile; fileRef = 24E83E902ADC484AEF292A9C /* asn1err.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3033F59661EBB36751C7DA73 /* ocsperr.h in Headers */ = {isa = PBXBuildFile; fileRef = 1DE176BB02719816B479DF14 /* ocsperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -299,6 +305,7 @@
 		31504D83C3FEF0BD20CAC273 /* async.h in Headers */ = {isa = PBXBuildFile; fileRef = E5CB12AFE198424CFC977058 /* async.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3171AC5A02C5DFCA975B637A /* rc4.h in Headers */ = {isa = PBXBuildFile; fileRef = DA9B4E179953C711A25A23AF /* rc4.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		31F11F80B728DAB70410BCFA /* dtls1.h in Headers */ = {isa = PBXBuildFile; fileRef = 51FAA4E60AA67A24933BCA30 /* dtls1.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		3292C981E768D1164F22CA77 /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = 8602928B4AAD6EEED2F26768 /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		32DBC608AAEAE3517E23A02D /* ec.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C8E65B51A2E061ACB3753CD /* ec.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		32F5F0716DA99E4F1F7FFA3A /* provider.h in Headers */ = {isa = PBXBuildFile; fileRef = 3618519CE9156865758DBE79 /* provider.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3322D190F377AAFE43C89C69 /* param_build.h in Headers */ = {isa = PBXBuildFile; fileRef = C4B572BF89084284B7A4BFF1 /* param_build.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -315,7 +322,6 @@
 		3486E3952D17D0BF9BAF44BF /* ct.h in Headers */ = {isa = PBXBuildFile; fileRef = EC2778F81E92E7DB62441A5B /* ct.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		34C7F3E34F68A4980594B721 /* bn.h in Headers */ = {isa = PBXBuildFile; fileRef = 00C45E5DBFE71766FD1DFD7F /* bn.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		34DDDD472C1E55393845E2CA /* srtp.h in Headers */ = {isa = PBXBuildFile; fileRef = 8A5D63DA8D4B0272866D7312 /* srtp.h */; settings = {ATTRIBUTES = (Public, ); }; };
-		35040057813D5185A5E3DDCE /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = DE418C7E56A68380E0665553 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3511655B9E7F99B265FFAD09 /* pkcs7err.h in Headers */ = {isa = PBXBuildFile; fileRef = B17F9084FAACE5ACE2D8365F /* pkcs7err.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		351B9B9D128F4EAB34C9E169 /* libcrypto.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 438319E421F3053E4D7BFCFF /* libcrypto.a */; };
 		3545F3D1298B186696DAE6C5 /* objectserr.h in Headers */ = {isa = PBXBuildFile; fileRef = 41CC244DE9B58E3FD01D36ED /* objectserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -344,6 +350,7 @@
 		3A3AAB69AD07B51A165BE526 /* srtp.h in Headers */ = {isa = PBXBuildFile; fileRef = 03EED584D5069D9DA8BFDCBB /* srtp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3A5E0AC4515FF84C30DEDEA1 /* tls1.h in Headers */ = {isa = PBXBuildFile; fileRef = 5EABBAACCB91DA4273BA36A7 /* tls1.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3A9830E8116904E1ABB1A015 /* rc5.h in Headers */ = {isa = PBXBuildFile; fileRef = 446DBFA91E50A086B2A7899A /* rc5.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		3A9C8527B37400F310CB6793 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3AB2E3458A0AD9EAF84BF77E /* evp.h in Headers */ = {isa = PBXBuildFile; fileRef = F0423013DD0B8C3126F32DD8 /* evp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3AFC5FF878C0FB2704A8ED08 /* ebcdic.h in Headers */ = {isa = PBXBuildFile; fileRef = ABAF353C0494098F713BB833 /* ebcdic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3B28E90FA291650A5EC5BE11 /* comperr.h in Headers */ = {isa = PBXBuildFile; fileRef = 549E3EDDED659705BBC36FD2 /* comperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -353,6 +360,7 @@
 		3B85D04A0C675F65767F17D4 /* evperr.h in Headers */ = {isa = PBXBuildFile; fileRef = AA67AE6A9BB30EE6AB0BAB1F /* evperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3B9E660570618AE919871EB0 /* core.h in Headers */ = {isa = PBXBuildFile; fileRef = 661C92448E2AAFAA6E1FA11F /* core.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3C0CDEB9AA92279E2BD03DBE /* objectserr.h in Headers */ = {isa = PBXBuildFile; fileRef = 8A20CE0E7A295CA8F4BC3D33 /* objectserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		3C19D3F2D4B21717BF5AE347 /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = A60B0E00715FDFCD0419710B /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3CA600EDFCB1161324735021 /* ct.h in Headers */ = {isa = PBXBuildFile; fileRef = 730FBFA9767111EC21DD1F9C /* ct.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3D0A5D1187E24D14D7266552 /* httperr.h in Headers */ = {isa = PBXBuildFile; fileRef = A526DE73F6F32E0BCD3C8A41 /* httperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		3D309A8E84765F3D37BBEB18 /* sslerr_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = 8C299F1649A19DB0551BB34C /* sslerr_legacy.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -399,6 +407,7 @@
 		43D8864E16329530354682D6 /* md5.h in Headers */ = {isa = PBXBuildFile; fileRef = 0B1346617F4672817D3302B7 /* md5.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		43E68CC8FA39F8116DD7EC97 /* md2.h in Headers */ = {isa = PBXBuildFile; fileRef = AA2F71324F5D73581821A548 /* md2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		43E6D09CDCE76E26F511C3EA /* sslerr_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = 4FA246F5C3C4F40175197368 /* sslerr_legacy.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4428F6B0F24B3330E9673D7E /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = BBA9E43D4CB9492C2FCD1F58 /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		4447EF86C665C2CEEA1EDE68 /* http.h in Headers */ = {isa = PBXBuildFile; fileRef = 53298046092A0C5D01A6C0DA /* http.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		444885C87A2AE6EF4BF2DAFA /* fips_names.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D4B87EF8E2E9EF29284E010 /* fips_names.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		4463905B9020BC795EFEF5EB /* cmac.h in Headers */ = {isa = PBXBuildFile; fileRef = 387D363BC9EE09B3739EFA71 /* cmac.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -443,9 +452,11 @@
 		4E747B1EC53AC450E980C843 /* safestack.h in Headers */ = {isa = PBXBuildFile; fileRef = FC52DB8FC4DBD90CCE25708A /* safestack.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		4EC98CBA3C7366BA595BD4DF /* objectserr.h in Headers */ = {isa = PBXBuildFile; fileRef = 34E916917C094926699362D1 /* objectserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		4F3D15400B707F9835E4BA36 /* lhash.h in Headers */ = {isa = PBXBuildFile; fileRef = 194103E6251C02AB1E43F220 /* lhash.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4F666B5A2728905A57668388 /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = A41DADC4D994465AEF9C5655 /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		4F7CAB2060E07088C33E5AA0 /* x509.h in Headers */ = {isa = PBXBuildFile; fileRef = DD92D7D1F3AD549F770F97D6 /* x509.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		4FB9E2AACD6F423B08D0D6F9 /* opensslv.h in Headers */ = {isa = PBXBuildFile; fileRef = BD1CDF5F0C05013EF9A8205F /* opensslv.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5000C3FDFD42CDA7700AD293 /* self_test.h in Headers */ = {isa = PBXBuildFile; fileRef = BEFFC540648C7A8E2B0AD890 /* self_test.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		5011E00212B8C9213E15FE27 /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = 0BD49B1916C23C6E74B12885 /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		501E5C3E49E783F46F319976 /* dsa.h in Headers */ = {isa = PBXBuildFile; fileRef = A02D90DE832190CF4B3ABCE8 /* dsa.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5050A5C937CDB64181C16065 /* storeerr.h in Headers */ = {isa = PBXBuildFile; fileRef = ECD07DE0E1E839D92A623587 /* storeerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5082B3D55969A127C2EF798D /* hmac.h in Headers */ = {isa = PBXBuildFile; fileRef = E9FB5C36C0AC68E8E8316DA6 /* hmac.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -466,6 +477,7 @@
 		523CE48327D824C456FD3624 /* ripemd.h in Headers */ = {isa = PBXBuildFile; fileRef = 9D6BDD0E24BD1026515F4E55 /* ripemd.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		525A1401B9ABC3F307748D20 /* cmserr.h in Headers */ = {isa = PBXBuildFile; fileRef = A909A2FB7B4BA82B483B0154 /* cmserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		52C132DC540F74B52E51ACB4 /* rand.h in Headers */ = {isa = PBXBuildFile; fileRef = CC902BB30517DB83D41F142A /* rand.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		52D2A796E2866FC16EF346B9 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5317DA39F74ACFE92E499DB2 /* pem2.h in Headers */ = {isa = PBXBuildFile; fileRef = 06F67A28152F3982E070783E /* pem2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		536A2E2B7A193B3A1494DEA1 /* lhash.h in Headers */ = {isa = PBXBuildFile; fileRef = C53A483B7B5F47E818FC907F /* lhash.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		53898275201EF61F029F161E /* macros.h in Headers */ = {isa = PBXBuildFile; fileRef = 8DE8D31910BCA3F0C81781CF /* macros.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -479,7 +491,6 @@
 		54BD065DE711439C2A05417B /* self_test.h in Headers */ = {isa = PBXBuildFile; fileRef = 434595CCF863BBD18ADE0225 /* self_test.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		54FE4E688BC7C2D5F49656E9 /* http.h in Headers */ = {isa = PBXBuildFile; fileRef = 90D0FBDFDFDA3A01157DBA58 /* http.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		552799ACFC125862E531452C /* cast.h in Headers */ = {isa = PBXBuildFile; fileRef = A451CC8B9E19EAA0C0777714 /* cast.h */; settings = {ATTRIBUTES = (Public, ); }; };
-		5552351456658095117D9E0A /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 402F3A62F32C2933D12132DE /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		558A43D7A330AC50F611ABEF /* ssl2.h in Headers */ = {isa = PBXBuildFile; fileRef = EC7D256172A47F3BBF6AE4A4 /* ssl2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		55CFCA72D4D61470560367D7 /* modes.h in Headers */ = {isa = PBXBuildFile; fileRef = 64D47A21EDA3CC9B756D28A7 /* modes.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5632BADD16443093CB8880FD /* engineerr.h in Headers */ = {isa = PBXBuildFile; fileRef = E12333E2F51307058E4DAC5D /* engineerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -509,6 +520,7 @@
 		5A455DBE2CDBF5C91B52A298 /* md5.h in Headers */ = {isa = PBXBuildFile; fileRef = 5CB7EADC3BDD11A178FB5419 /* md5.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5A4D3508B9AE27D481B1CFB5 /* bn.h in Headers */ = {isa = PBXBuildFile; fileRef = 743559EC759D13E0903CE39D /* bn.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5A862182FD90425C7EE918C7 /* core_names.h in Headers */ = {isa = PBXBuildFile; fileRef = EBF8DB1147DF1752B1A21763 /* core_names.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		5AB5600569D1B69CB1266A47 /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = 9E84BC8E7F09035F15435BFB /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5ACBB30C006B48BA1AA36836 /* ripemd.h in Headers */ = {isa = PBXBuildFile; fileRef = 95AEFBAA218707B77B33BDCF /* ripemd.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5B97E69FDC6A2AA43EE3383D /* objects.h in Headers */ = {isa = PBXBuildFile; fileRef = 4E930F669E85DBA7D49452C6 /* objects.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5C16AC5ACA5D01B44E6087FA /* crmf.h in Headers */ = {isa = PBXBuildFile; fileRef = AD02BB0F6231B04CF5E87F9E /* crmf.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -520,17 +532,19 @@
 		5CFB75F9C4E0D0FEC7C6807F /* rand.h in Headers */ = {isa = PBXBuildFile; fileRef = 55E37A2E83DDC127073C6854 /* rand.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5D997C85A60FB8EC26C7AD2D /* opensslv.h in Headers */ = {isa = PBXBuildFile; fileRef = D8B4958D436BCCE874F389D4 /* opensslv.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5DAF996D288B0058EE285DBE /* kdferr.h in Headers */ = {isa = PBXBuildFile; fileRef = 78DF5957E87C8F1DC66473C3 /* kdferr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		5E26650A66044B6ACEA71ADC /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = 490FA5B3839A23871C3A1BBB /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5E779B27332BD504A9DA2612 /* ess.h in Headers */ = {isa = PBXBuildFile; fileRef = 62EDFDCF6B3D2273215487AC /* ess.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		5F779F4922CBEFBB220E365C /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = 5693743FEF16005E4620BCD0 /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5F87C394F71A2308D78610E6 /* err.h in Headers */ = {isa = PBXBuildFile; fileRef = 875432C55B5D29E178700DE3 /* err.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5F8DA92B2A36B1262140754D /* evp.h in Headers */ = {isa = PBXBuildFile; fileRef = CCCE7E12734EB86646E288D1 /* evp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5FAA01A75748CA09E9394221 /* crypto.h in Headers */ = {isa = PBXBuildFile; fileRef = 07C7272C8FA80E237FC954C6 /* crypto.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		6045B9009BBDAC714249DED7 /* ts.h in Headers */ = {isa = PBXBuildFile; fileRef = A25540EA81EEF390359200FB /* ts.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		608F178C12C2B081ACD15B23 /* srp.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A05363F75BBC98B1605F1C9 /* srp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		618B6D3CC4E41334D90A7B29 /* randerr.h in Headers */ = {isa = PBXBuildFile; fileRef = B47C913FB4DCA7F3F1C63DDE /* randerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		619E304A0C79315434D58A68 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		619F2F42A1FBBC0F29806CEC /* ossl_typ.h in Headers */ = {isa = PBXBuildFile; fileRef = 38DDC2AFB44D5C288C1296D1 /* ossl_typ.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		61C295D326CD921867561146 /* core_dispatch.h in Headers */ = {isa = PBXBuildFile; fileRef = 9B53B85EF80B076F07B97360 /* core_dispatch.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		61D304BA4D28D0FAEC4B749D /* x509.h in Headers */ = {isa = PBXBuildFile; fileRef = E85BCA61F834533648E42FF4 /* x509.h */; settings = {ATTRIBUTES = (Public, ); }; };
-		62010AB9078B60D2D7D8BC4A /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = C8D2F44803471457A6692DDB /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		621B3ED8B4808D0F90775F6F /* e_os2.h in Headers */ = {isa = PBXBuildFile; fileRef = A0B56183F7628DE5FA1FE06E /* e_os2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		622A0B1DC944540CB5A61690 /* tls1.h in Headers */ = {isa = PBXBuildFile; fileRef = 85A86153707B0F3081FED65E /* tls1.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		6265965DF0B5F18D04E95E3F /* async.h in Headers */ = {isa = PBXBuildFile; fileRef = 5D236A8722670EF17CABB367 /* async.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -544,7 +558,6 @@
 		63E7DBA72AFE236E6C3C14B7 /* rand.h in Headers */ = {isa = PBXBuildFile; fileRef = 421B27155B3864992E0F65FD /* rand.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		63E98C264689BD320B627E42 /* crmf.h in Headers */ = {isa = PBXBuildFile; fileRef = CA98449FDD51B58B7531B942 /* crmf.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		640A9EBD7F9D7ADD242BC2A1 /* dherr.h in Headers */ = {isa = PBXBuildFile; fileRef = A36BB62650262916D499594B /* dherr.h */; settings = {ATTRIBUTES = (Public, ); }; };
-		6422372CA17C3A816D549AE2 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 9EDB1786864748E6C6BEE141 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		64243948C6F61DD83C9DE4CB /* dherr.h in Headers */ = {isa = PBXBuildFile; fileRef = CC9528D1F6EE1AF0189E7CD6 /* dherr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		6446FCEE510D4D0791A1CE15 /* stack.h in Headers */ = {isa = PBXBuildFile; fileRef = BEDF6AC7990148D6D640BBC6 /* stack.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		644CFDFF2EF982D8B9BF434C /* ec.h in Headers */ = {isa = PBXBuildFile; fileRef = 42CB6A6C79B52FA24B9EDBBF /* ec.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -592,6 +605,7 @@
 		6DF5FD38AB6CABD5DB99DFF8 /* objectserr.h in Headers */ = {isa = PBXBuildFile; fileRef = 42C122004EBE717A7D293E43 /* objectserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		6E272068ADA16BF979680244 /* idea.h in Headers */ = {isa = PBXBuildFile; fileRef = 2B91C8E24A75CAF0B8909C80 /* idea.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		6E5A7599FD4632D194EDEAEF /* ssl2.h in Headers */ = {isa = PBXBuildFile; fileRef = 02FC635E4166A79B7BD038E2 /* ssl2.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		6E6D509CF8598A450E8CAEED /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		6F130ACE2170309095DB57EA /* stack.h in Headers */ = {isa = PBXBuildFile; fileRef = 2F8165EE5D2B7E3305A36EDD /* stack.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		6F818383C08BDCD4886EAEEB /* ocsp.h in Headers */ = {isa = PBXBuildFile; fileRef = F0CBA0990ED1523B7B9A9747 /* ocsp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		6F8A0BDED419D4DFF72C7FD8 /* tls1.h in Headers */ = {isa = PBXBuildFile; fileRef = 9AC2A7EC15A01471C6D7E671 /* tls1.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -603,7 +617,9 @@
 		70CADB6F24E41D7A346B2F98 /* ecerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 50D9D5CFED05FC954C84F969 /* ecerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		70DE91E94EC33C29F1D86FCB /* ssl3.h in Headers */ = {isa = PBXBuildFile; fileRef = 70C7918C9D2A5C4740E94869 /* ssl3.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		710067245C8ACFE36E61A562 /* safestack.h in Headers */ = {isa = PBXBuildFile; fileRef = CF6AFCD344CDEAD91ADF877D /* safestack.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		713A16F5DA1583EB9110762B /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = 8642A3DFDE400287BBA6D06F /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		71563FEC4462E3D17F89BB21 /* async.h in Headers */ = {isa = PBXBuildFile; fileRef = 1C78616D855D3EB5F26D0076 /* async.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		717196CF2B32E68DF3A439E3 /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = CF42E9C84BCB182000702A74 /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		7172289743DA34E67DA48FAA /* cmserr.h in Headers */ = {isa = PBXBuildFile; fileRef = 6C1B7BD28625EF2B08784D47 /* cmserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		717FC2DAFF17A9B8A9DFD183 /* provider.h in Headers */ = {isa = PBXBuildFile; fileRef = 88C481768B30B1CDD6231024 /* provider.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		71906620E0224C02A1DBD004 /* cmserr.h in Headers */ = {isa = PBXBuildFile; fileRef = EF2A5D0FDAE086FA4DB1D94B /* cmserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -614,6 +630,7 @@
 		724C87CF77FBAC1492BC890D /* evperr.h in Headers */ = {isa = PBXBuildFile; fileRef = EAC451E0664D10FF4A9B79CF /* evperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		727981E811961FD717884F27 /* ui.h in Headers */ = {isa = PBXBuildFile; fileRef = 6120D33F6B9ABFEAF64130FD /* ui.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		7284B68F02FBFA024514ACB4 /* asn1err.h in Headers */ = {isa = PBXBuildFile; fileRef = 74A5FDCA3AFF2E7930D5C2C4 /* asn1err.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		72CDD4FC2A8760CB81AB6CC6 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		733215DF7663A71569E2A0AF /* provider.h in Headers */ = {isa = PBXBuildFile; fileRef = 94E553B0126B2AF7F4D9DF05 /* provider.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		73669C537A6DE0DD95496DA9 /* ebcdic.h in Headers */ = {isa = PBXBuildFile; fileRef = CB3E03C5A3FE63D873DF1DB2 /* ebcdic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		73B9C4F16EC234699962DD3E /* dherr.h in Headers */ = {isa = PBXBuildFile; fileRef = 620D773A0A858DDE6458D809 /* dherr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -623,6 +640,7 @@
 		743D8492C66AC81C630E35AE /* comp.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A458728C1A8DA48A53D4455 /* comp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		744D0E84FF1D8C42DA182E55 /* engine.h in Headers */ = {isa = PBXBuildFile; fileRef = FA3EED817B5C0735A47DA489 /* engine.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		748576C3B5FE57FEF5E4A11B /* buffer.h in Headers */ = {isa = PBXBuildFile; fileRef = CE3C1770FAECFC478BC3AA6B /* buffer.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		74883CDFC51B9AE6294F0053 /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = 81BEFF56BE349D49943FA7D3 /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		7492A8BD9022C9998CD01480 /* asn1t.h in Headers */ = {isa = PBXBuildFile; fileRef = C4D2EEBE4ED721C31AB5F15B /* asn1t.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		749741A3444982BED2C49DD4 /* x509_vfy.h in Headers */ = {isa = PBXBuildFile; fileRef = 7EC5289DD084F7EC1CDA77A8 /* x509_vfy.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		74DFA883537D67322C642A13 /* ssl2.h in Headers */ = {isa = PBXBuildFile; fileRef = 1F249A92EB91FAA2942FD6F0 /* ssl2.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -634,6 +652,7 @@
 		75F06D044882CC92F4518B62 /* pkcs12.h in Headers */ = {isa = PBXBuildFile; fileRef = 6320833C5617F5996773DCB2 /* pkcs12.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		762E0E6FB1DCE67EFCE710A0 /* pkcs7err.h in Headers */ = {isa = PBXBuildFile; fileRef = 97F8C07957539FA072116018 /* pkcs7err.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		76694DE73163EB4D5B1F5B06 /* comperr.h in Headers */ = {isa = PBXBuildFile; fileRef = 8A585B852FACA790FC34A16D /* comperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		76AFB2DD271B88D75E0EC4FF /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = DE5EB365D619CF6272836764 /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		775A38ADFAEAA587BB1D80C3 /* rand.h in Headers */ = {isa = PBXBuildFile; fileRef = 7DDE849E0609AB233C4602CB /* rand.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		7772D3EEC04CEA74FDC7CFC8 /* bioerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 5FFFF0738B5F141E1385581E /* bioerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		77757250381A1272281D584F /* modes.h in Headers */ = {isa = PBXBuildFile; fileRef = 3E9C5F81CB6FBFC30745D027 /* modes.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -665,6 +684,7 @@
 		7AED74E6B1DDDE7DDC02D2F5 /* err.h in Headers */ = {isa = PBXBuildFile; fileRef = 84C5B438C3253FFAAD35A668 /* err.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		7B0905D0C81D0AD80D8DB063 /* rc4.h in Headers */ = {isa = PBXBuildFile; fileRef = CF645AEC5D9624AAFDDB71F6 /* rc4.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		7B1B0F5424B563CC2A6BDEBE /* rc4.h in Headers */ = {isa = PBXBuildFile; fileRef = A28FD12C4519FC338862F817 /* rc4.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		7B2A9380C1EE19E9319E4E2C /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = 9F04D6DFF4EE3B6B4B19E7C0 /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		7B34A5BA120E9FCD2B095D90 /* conf.h in Headers */ = {isa = PBXBuildFile; fileRef = 911F0A6F34867341A14634AD /* conf.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		7B3B02F20C3911948145EB8F /* rc4.h in Headers */ = {isa = PBXBuildFile; fileRef = E3649CCC63B428922D7624C7 /* rc4.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		7B4B18283A35EC3443C6172C /* x509v3.h in Headers */ = {isa = PBXBuildFile; fileRef = 0B9DF99D54D770F6580ED0A3 /* x509v3.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -705,12 +725,14 @@
 		80F88CEBDAA2A523F4663194 /* srp.h in Headers */ = {isa = PBXBuildFile; fileRef = 35583D72A01A0076EA94833F /* srp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		8104EEA550BD2FC80E60E31E /* obj_mac.h in Headers */ = {isa = PBXBuildFile; fileRef = 4149CAACE05069E543D9A6C2 /* obj_mac.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		81299900EEE15E303224F0A0 /* seed.h in Headers */ = {isa = PBXBuildFile; fileRef = 17C2F9622FC27ADED94CCFD6 /* seed.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		814856A79FCC7D7870742BE5 /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = B0C110F767A684A6A3D58FF0 /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		8160C2CA9AE754BB513EEFBD /* mdc2.h in Headers */ = {isa = PBXBuildFile; fileRef = BA85DE9205839D55AB24A66B /* mdc2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		81B1FBCC7A2F3F759BF5AF8B /* ecdsa.h in Headers */ = {isa = PBXBuildFile; fileRef = 09D53A9BF5181338CF017F89 /* ecdsa.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		81DF8F3C8C9FCE05CA8FB331 /* hmac.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C1E82AD3B970BFE713A9289 /* hmac.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		8222605E7758F6101A8B8407 /* ecdh.h in Headers */ = {isa = PBXBuildFile; fileRef = D3232CED9C0920DA26A23D17 /* ecdh.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		822B2BC0F63F78DFD538ED04 /* rc5.h in Headers */ = {isa = PBXBuildFile; fileRef = 38110217EAD01D09CB01A6B7 /* rc5.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		8257C6AFE9DCA3559EA6F6F1 /* ssl.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A7ECDB3333DA91DCF624ED2 /* ssl.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		82713F30D24C9CCF0EF69DD2 /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = 190B6CC5EB4C2661E3168A4A /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		82E016A1BED2FBDEB446AD45 /* crmf.h in Headers */ = {isa = PBXBuildFile; fileRef = 3A4854E37D87C835B1D47753 /* crmf.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		82F57ACD22E31B9BA91147B0 /* ssl.h in Headers */ = {isa = PBXBuildFile; fileRef = 5FCE3BBA2C26CB101BC306DF /* ssl.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		8304AB17B65FF2BB53F89F78 /* pkcs7.h in Headers */ = {isa = PBXBuildFile; fileRef = B32C7E2D1F9BDB134C980017 /* pkcs7.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -917,6 +939,7 @@
 		A882D7E25086769E485EC86F /* blowfish.h in Headers */ = {isa = PBXBuildFile; fileRef = CE07A7269D194184C71FA68E /* blowfish.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		A89DC84973F22EC685916B3A /* cast.h in Headers */ = {isa = PBXBuildFile; fileRef = F257B4AB46749982B792A5F6 /* cast.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		A8A9F53588677E0C9E5FE735 /* txt_db.h in Headers */ = {isa = PBXBuildFile; fileRef = 202EFDE402F48D3FF4A70DA7 /* txt_db.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		A8AF5D43ADBAA976F96DDBF9 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		A8E8414CB58E9C5866D65757 /* fips_names.h in Headers */ = {isa = PBXBuildFile; fileRef = 26505C5C85330F549C598185 /* fips_names.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		A971F47E8D2FDE27A5CB16B0 /* core.h in Headers */ = {isa = PBXBuildFile; fileRef = 6C05F9D262129B528740C9B5 /* core.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		A9BEAA2D46DFF81DB19B1567 /* dtls1.h in Headers */ = {isa = PBXBuildFile; fileRef = 3B5BAFEC2FBC59FF4137F5E8 /* dtls1.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -939,6 +962,7 @@
 		AD86B7D592E837B064F3FB2D /* pkcs12err.h in Headers */ = {isa = PBXBuildFile; fileRef = 0CF451B3F5BB4CCB9E3EAF67 /* pkcs12err.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		AD93BB74D93DEACA436F5A1C /* tls1.h in Headers */ = {isa = PBXBuildFile; fileRef = 315DA8AA55950340DF2CC1B3 /* tls1.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		AD9D883109C8C88CBAE2031B /* libssl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 6FD991FF03A39BBFAC7AA6C7 /* libssl.a */; };
+		ADD2DEAF5A827D0537FAFD7D /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = FED1B84CF5DE8F5D7218F9C4 /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		ADD4DA5FE28E0118779698EA /* lhash.h in Headers */ = {isa = PBXBuildFile; fileRef = 9F23E46F3552299745DDB8A3 /* lhash.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		AE1B5562851AA33945CEA14A /* ocsp.h in Headers */ = {isa = PBXBuildFile; fileRef = 2F7DCA96684C67B578F88C00 /* ocsp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		AE339B3D08E36201425B04DE /* trace.h in Headers */ = {isa = PBXBuildFile; fileRef = 5BCFD2A6E75D17F1EA6D8151 /* trace.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -978,6 +1002,7 @@
 		B38E8B6C343B95804CA94263 /* rc2.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A27932B32073C278C14CB9F /* rc2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B3B37517CCF223304E9FADD3 /* cms.h in Headers */ = {isa = PBXBuildFile; fileRef = FF31BEC6EC31634954EFAD19 /* cms.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B3C431AFC22D708F4579A88B /* rsa.h in Headers */ = {isa = PBXBuildFile; fileRef = DBAC0DF5B5A1B3A19DC4B2C8 /* rsa.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		B3CCC6F8B3FC5B6EA3A5453D /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = EE7E8FA8BE93CCC716243818 /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B3CF5B5BE31ECE5AC468C1CD /* ct.h in Headers */ = {isa = PBXBuildFile; fileRef = CE7EB3072BC892226C25F235 /* ct.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B3D5D5ACC2A6DB3AFBD4E846 /* params.h in Headers */ = {isa = PBXBuildFile; fileRef = EB6CCA3A4F152D20E68BEF51 /* params.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B4020236762A5F357A9E72D5 /* x509err.h in Headers */ = {isa = PBXBuildFile; fileRef = 38345B6A55DBB593BF38E065 /* x509err.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1003,6 +1028,7 @@
 		B878E6D844EADE855297409B /* asyncerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 3055C992BEE903CFD0EADB90 /* asyncerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B8ED77684F67BE713B1229D9 /* srtp.h in Headers */ = {isa = PBXBuildFile; fileRef = 7F90935A884CB4EA89C907CF /* srtp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B9047B205617411129C1C64C /* asn1.h in Headers */ = {isa = PBXBuildFile; fileRef = 7B51CB8EE1F4D96EB6007185 /* asn1.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		B907568DBB66EEB21DA556F8 /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = 264A016BBC3448DA4C4D9E6C /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B9465178267162C822943F60 /* ssl.h in Headers */ = {isa = PBXBuildFile; fileRef = 886690ECBD04C06AB3399AD1 /* ssl.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B9500BA96478983A202E2F29 /* pkcs7err.h in Headers */ = {isa = PBXBuildFile; fileRef = E6B0D3B4003758F9FB6ACFC1 /* pkcs7err.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		B9D4ED59A2EA27EAD46625A0 /* lhash.h in Headers */ = {isa = PBXBuildFile; fileRef = 112B4B286D80ED454089EBA0 /* lhash.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1023,6 +1049,7 @@
 		BBF7FA69B33C020E5138DE60 /* evperr.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D7A838E75F609220CAED081 /* evperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		BBFB2ADD4F26EE15AB59E2DC /* core_object.h in Headers */ = {isa = PBXBuildFile; fileRef = BE6C849896022BBECC4FF937 /* core_object.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		BC33BA4A71B00A7259E5991F /* conf_api.h in Headers */ = {isa = PBXBuildFile; fileRef = 4FC09B4EDA57B67D03152F4D /* conf_api.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		BC348F88A738DBBBD08AE25A /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		BC5AB5952C13426C96BEBD2E /* rsa.h in Headers */ = {isa = PBXBuildFile; fileRef = C165398CAE6C8D9721AC4D73 /* rsa.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		BCBA86B2FB6B2753D78A22E2 /* httperr.h in Headers */ = {isa = PBXBuildFile; fileRef = B7688A1D570C82CF8C3BFDEA /* httperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		BCC0428F0BB50663B31C27EE /* x509_vfy.h in Headers */ = {isa = PBXBuildFile; fileRef = 7FD0BF19291BD6057A49E08A /* x509_vfy.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1064,13 +1091,17 @@
 		C3ADAC532C80204B41B7D720 /* self_test.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C8251E6CB517C77B811B37B /* self_test.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C3B855279A18D18050432460 /* asyncerr.h in Headers */ = {isa = PBXBuildFile; fileRef = D9B8ACEF49C5ED35832A359D /* asyncerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C3B9ED65F7A4DB39F1129C51 /* fipskey.h in Headers */ = {isa = PBXBuildFile; fileRef = B566CE9AD5B08A3DE4E5AC84 /* fipskey.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		C3C4E2570722D92B59D49F30 /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 7E14226DFC71F8A8761A2446 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C3DA9EAEDDDB8D1346756EB5 /* hmac.h in Headers */ = {isa = PBXBuildFile; fileRef = E075750220245924BD204ABD /* hmac.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C3FF64CD61DB1BE659BD10D9 /* sha.h in Headers */ = {isa = PBXBuildFile; fileRef = 69D3E9252B08191AB2B514D1 /* sha.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C40E3ABD38ADF4329F047F7E /* camellia.h in Headers */ = {isa = PBXBuildFile; fileRef = 953A145ED0D739A8C6650505 /* camellia.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C434736598A65A40D737EBB0 /* sslerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 9565DC2D5C0875EBE0AABFF6 /* sslerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		C47CCDA0A8A1D058AAD565E4 /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = DF823CA75105088CD7C09373 /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C49CAAFD01B03B71473A5072 /* shim.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A7A9B46AC56A9D448A1D854 /* shim.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		C4C54D8AB487180E992108E0 /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = FFFB0CE58E5DFED2BCE6F345 /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C50887A4F4457B756A7EDB29 /* macros.h in Headers */ = {isa = PBXBuildFile; fileRef = EC5A35CF84E59D2E65037554 /* macros.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C529CCEB362F858156E01FBA /* symhacks.h in Headers */ = {isa = PBXBuildFile; fileRef = 563F77AD5688A58E86B0326B /* symhacks.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		C5705F9F6975FDBB4DC56C4D /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = E9CCF76F48078D8FD1160D65 /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C58260E27C4543574D823788 /* bn.h in Headers */ = {isa = PBXBuildFile; fileRef = FAE26E4B276FA5940308B010 /* bn.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C5B6B2101C21707A2141FF44 /* storeerr.h in Headers */ = {isa = PBXBuildFile; fileRef = FA5B848BF082D822F7A381F4 /* storeerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C618670486F81904FDE0B5E2 /* x509v3err.h in Headers */ = {isa = PBXBuildFile; fileRef = FF236D17F56A4B4A457BC573 /* x509v3err.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1100,6 +1131,7 @@
 		CBAA63A6D9090BB353D2A272 /* fips_names.h in Headers */ = {isa = PBXBuildFile; fileRef = 7CB77C74E2C513135ACA94C3 /* fips_names.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CBAE0564B5B9D20956E4886C /* types.h in Headers */ = {isa = PBXBuildFile; fileRef = 1500D56F7E46ACDDDBDC0DAC /* types.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CBF9C13B2B22030136E59BF3 /* opensslconf.h in Headers */ = {isa = PBXBuildFile; fileRef = D678D82CE506A089CDEDD6F0 /* opensslconf.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		CC01BFE3C3BAAE7885202703 /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = 03D2F62CD2307F602F11FD6A /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CC06ED21B25279FB65422F8A /* proverr.h in Headers */ = {isa = PBXBuildFile; fileRef = E5C5522D413D07409539F1D3 /* proverr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CC35863B3E26FB13464347EB /* core_names.h in Headers */ = {isa = PBXBuildFile; fileRef = 45D979D33C753B7D4558885D /* core_names.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CC4C40E28062258786BB7B27 /* asn1t.h in Headers */ = {isa = PBXBuildFile; fileRef = 3810C93D167840D56B2C12A5 /* asn1t.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1120,6 +1152,7 @@
 		CE263286E3AFF9FA95361471 /* conf.h in Headers */ = {isa = PBXBuildFile; fileRef = 097F4F64AD4C32E2862088D4 /* conf.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CE7E2588CBD3517724305E67 /* seed.h in Headers */ = {isa = PBXBuildFile; fileRef = 44E4DC201DBFBBC743D6CD46 /* seed.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CE8CB67D94D940DB85DA5767 /* kdf.h in Headers */ = {isa = PBXBuildFile; fileRef = 8B2A9509E0F7B1DE9812614B /* kdf.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		CECADA35C9054737F6C2AF10 /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = 16CAAD34F507F87BDEC6F45B /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CEE76108B65CDEC9BE25A2A9 /* ecdsa.h in Headers */ = {isa = PBXBuildFile; fileRef = 86DCD9F25B78D6C8D53A6C85 /* ecdsa.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CEEBB9B335D30205C0E4C30F /* symhacks.h in Headers */ = {isa = PBXBuildFile; fileRef = 1D3B294471722B5EFFF41D26 /* symhacks.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		CF22220FAB3A2BDE7493A95A /* sslerr_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = F1DAC243DA34D2C4DF5B74F0 /* sslerr_legacy.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1133,11 +1166,11 @@
 		D01B0C257804F4D58042AE91 /* srtp.h in Headers */ = {isa = PBXBuildFile; fileRef = 1DA76EA29915A646D7909D8F /* srtp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D0279D42F7001ED1CDF23458 /* sslerr_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = 68B9D5BA8B1D734004F951CB /* sslerr_legacy.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D0865D88B7AE537C0077A8E3 /* store.h in Headers */ = {isa = PBXBuildFile; fileRef = 98812EC67E48FD11A975619E /* store.h */; settings = {ATTRIBUTES = (Public, ); }; };
-		D08BD5EED1921943C8D5B7FC /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 91B68290DE49015488EB39C2 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D0B78DDD635698A77F1DD2A9 /* evp.h in Headers */ = {isa = PBXBuildFile; fileRef = 2C9FF476148DC0F96F77774B /* evp.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D0C4BAC1FBF443F9E89DEA64 /* rc2.h in Headers */ = {isa = PBXBuildFile; fileRef = 79E0A753F02BCE60C4A1CCC0 /* rc2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D127EB7E2752DAA9A1EC95E8 /* httperr.h in Headers */ = {isa = PBXBuildFile; fileRef = 67BC8004095D943FC75C64DC /* httperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D1411F6E37A92615EF67E775 /* cmac.h in Headers */ = {isa = PBXBuildFile; fileRef = 628104F51E48393BDCF98B74 /* cmac.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		D168954FDBAB82C93C21482A /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = 99A4494C466604ED425FF9D0 /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D16A0A4D40DAEE038F1B687B /* bnerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 3510AF16DD052E580DFFF05F /* bnerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D18F914C143A186E95AA720E /* dtls1.h in Headers */ = {isa = PBXBuildFile; fileRef = 94CF8A92FEDB2C5A223E149F /* dtls1.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D1AB53D4E380CA68EEC5DC05 /* x509_vfy.h in Headers */ = {isa = PBXBuildFile; fileRef = 894EEA36C344E14D9B7CBC31 /* x509_vfy.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1171,8 +1204,11 @@
 		D567B0B19EF3A6AFE36AE5DA /* rsaerr.h in Headers */ = {isa = PBXBuildFile; fileRef = AB8D6D98C9E9ACEA555DDC5E /* rsaerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D5923BCB47C8C1D3170B286D /* decodererr.h in Headers */ = {isa = PBXBuildFile; fileRef = E9E6A66DCF9D45F12B7518F4 /* decodererr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D5F3C2ADE42DEA1CB03B30E9 /* cms.h in Headers */ = {isa = PBXBuildFile; fileRef = 81DA2B1D99DAB37907148BA8 /* cms.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		D5F8B4F9D0DDBED78C4744FB /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = CECD89BFDB53774306EA2776 /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D61638AD993A38BB14016692 /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = CD20DE50707AD73FB57BFCD5 /* PrivacyInfo.xcprivacy */; };
 		D63A195A8143D2015B54DA95 /* core_dispatch.h in Headers */ = {isa = PBXBuildFile; fileRef = 85E627BE5F47ACED787A238B /* core_dispatch.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		D6676352F31E358C487847AF /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = 6F1A2ED264A8872A7682ADBC /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		D6F4096B20F5630D63EF0D3A /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = 59E2BE985F0A006A9757778B /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D6F70D543730B6FD4E46CD1E /* encoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 2E071C29790105AB2618510C /* encoder.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D70E2EFE19802ACEFECF67E4 /* des.h in Headers */ = {isa = PBXBuildFile; fileRef = CDF6CEFAB82AE6CABA8AD669 /* des.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		D730886F77EAB610D288F1A1 /* bio.h in Headers */ = {isa = PBXBuildFile; fileRef = A61D4B304C6740C59524023E /* bio.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1227,7 +1263,9 @@
 		DF9AF6EEFFC3522AA81E0B80 /* ssl2.h in Headers */ = {isa = PBXBuildFile; fileRef = D1A4CF315473D10ED602CFB5 /* ssl2.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		E083D701B4FADBE3903E5E46 /* libcrypto.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E5E925B1FA64422240177983 /* libcrypto.a */; };
 		E1EA7FD83B344316E7404977 /* sslerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 92499BEDCA4F95E7DAF620B6 /* sslerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		E22833279BC721BEC0B6FE0F /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = 25A3E9B946A8250068D58162 /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		E24211A09FBF8981783A5FA7 /* ts.h in Headers */ = {isa = PBXBuildFile; fileRef = 42BD0E79A85DDE48F27B07AF /* ts.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		E27A0FD0BCCAFE1D9C731439 /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = 383C8A5319576F7AD3BBCD96 /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		E27C8D3A04E4BD31C7833AF6 /* asn1.h in Headers */ = {isa = PBXBuildFile; fileRef = 51B9C2FE5B6B36DE268EEF41 /* asn1.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		E2D61ADAAB0B6242B342C84F /* esserr.h in Headers */ = {isa = PBXBuildFile; fileRef = 921B24491D94EE322A84EA6E /* esserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		E2E0C9E852CAEDB7CB7A089A /* asn1err.h in Headers */ = {isa = PBXBuildFile; fileRef = 9EC20C9F06A56B5CCEBB6729 /* asn1err.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1273,12 +1311,14 @@
 		E99F2A24A2A865657EF00A51 /* x509err.h in Headers */ = {isa = PBXBuildFile; fileRef = 0A63A9CFF06EF6A8031D1818 /* x509err.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		E9AAA792E7308A81B048E1F8 /* encoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 7D8829A6210613004EB1330B /* encoder.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		E9C456D2ABB5DB883DBC133E /* cmperr.h in Headers */ = {isa = PBXBuildFile; fileRef = CC9AC969DFF12B644D99DF65 /* cmperr.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		E9C500DF4673B8E7B41418F2 /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = 5E994EBA75692A2B3A1CB8A5 /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		E9C982F75EDF8B1AFC00DB2E /* tserr.h in Headers */ = {isa = PBXBuildFile; fileRef = 41E794CAA6A79679CDC4E524 /* tserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		E9FEA6629DB9647165B707E5 /* self_test.h in Headers */ = {isa = PBXBuildFile; fileRef = E7647F1522D094376ABBA6D8 /* self_test.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EA0337DA5F433A54F70A1E59 /* uierr.h in Headers */ = {isa = PBXBuildFile; fileRef = 9FED7C431BED4DB57B51A8D0 /* uierr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EA2B3CE7F4D7AAA7CFDDAD6B /* symhacks.h in Headers */ = {isa = PBXBuildFile; fileRef = 2760499CCCC0FA29B7DD6FB6 /* symhacks.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EA2D13219F0D3867AED1AFA6 /* dherr.h in Headers */ = {isa = PBXBuildFile; fileRef = 2F0767AE70BF14E10D070A19 /* dherr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EA50EA2D818DB49CC78CB36B /* srp.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C4E1CECD2957C7804F01B46 /* srp.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		EA7AC30D3D2E4252EC5B2FE8 /* e_ostime.h in Headers */ = {isa = PBXBuildFile; fileRef = 7FA92DB50774F165A25040D5 /* e_ostime.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EA8B30307C95E16F81511164 /* bn.h in Headers */ = {isa = PBXBuildFile; fileRef = 958511438E987C0E5907CF3C /* bn.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EAA61CE7CCE6D43E71AA94DE /* kdferr.h in Headers */ = {isa = PBXBuildFile; fileRef = DE7C7D6AAE37A2F5A53D82C8 /* kdferr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EAAFA899F9DBDD3733A10B43 /* rc2.h in Headers */ = {isa = PBXBuildFile; fileRef = 028B1C4D591824704AEE7E09 /* rc2.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1306,6 +1346,7 @@
 		EECBBE0B240D13FBA5D54B2D /* shim.h in Headers */ = {isa = PBXBuildFile; fileRef = 31F3F1C45FDCA5CAFF431693 /* shim.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EF3D3FEAFD487F543410C77F /* pkcs7.h in Headers */ = {isa = PBXBuildFile; fileRef = E442389723A289F4C8CEEA96 /* pkcs7.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EF469CD3AC328F8F1C2D8E8F /* ecdh.h in Headers */ = {isa = PBXBuildFile; fileRef = B5E1174BDBBE69390F071B9E /* ecdh.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		EF8248BD72729CFB6A08BEB1 /* quic.h in Headers */ = {isa = PBXBuildFile; fileRef = F0485C4FB820E5381173A974 /* quic.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EF9C823E47B43BFE770237FF /* cryptoerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 2B607B9501FBA41F57FE5FB5 /* cryptoerr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EFA65D19DF31FDADC71DE0BB /* ossl_typ.h in Headers */ = {isa = PBXBuildFile; fileRef = 5584A8163E43BAB2F7C9F23B /* ossl_typ.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		EFB69F4038D2226AB5EB3123 /* params.h in Headers */ = {isa = PBXBuildFile; fileRef = F310685792E3E56B9310A212 /* params.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1330,6 +1371,7 @@
 		F4BDF04E756B61B8C0D0ABC5 /* libssl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 6B8325698D6497A249512405 /* libssl.a */; };
 		F4FC5165C53B176FA87EBA4A /* buffererr.h in Headers */ = {isa = PBXBuildFile; fileRef = 76411F3AFE12826DF37A77F5 /* buffererr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F507051A2015FBAE63A66E03 /* seed.h in Headers */ = {isa = PBXBuildFile; fileRef = 1276758E7F69A3827D0928DD /* seed.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		F535CD5F3CA17D3B7AD569C3 /* thread.h in Headers */ = {isa = PBXBuildFile; fileRef = E39E2944DA957015BFBC62C1 /* thread.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F536048BD39204328720396A /* cms.h in Headers */ = {isa = PBXBuildFile; fileRef = 4E2518176D5B5E0B12F39C79 /* cms.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F53637E63107AD2550DD0676 /* ossl_typ.h in Headers */ = {isa = PBXBuildFile; fileRef = 88707E9F993FC1B665E43005 /* ossl_typ.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F545584725B77E0A3097F4FC /* tserr.h in Headers */ = {isa = PBXBuildFile; fileRef = DE46D988438DF710978E4A6E /* tserr.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1348,9 +1390,9 @@
 		F77659259E9CF064EADC265A /* ssl.h in Headers */ = {isa = PBXBuildFile; fileRef = D6910E0B9F6B33D518C11BA1 /* ssl.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F7EB155912F46FF1FC596806 /* kdferr.h in Headers */ = {isa = PBXBuildFile; fileRef = 5F176945F02A95D522EDB913 /* kdferr.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F7F5FF65607043ECC0E941F4 /* decodererr.h in Headers */ = {isa = PBXBuildFile; fileRef = 93D3C9D651C80685C80BE37E /* decodererr.h */; settings = {ATTRIBUTES = (Public, ); }; };
-		F7FA060C692405BFEA81FB2E /* OpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 34959D5AF4ED86D7BEDAA357 /* OpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F8A29CA1B7A196574BDA61B9 /* trace.h in Headers */ = {isa = PBXBuildFile; fileRef = 5965B6C298C062B914FAE2C4 /* trace.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F8CDD8646230E9FDE7D33B66 /* lhash.h in Headers */ = {isa = PBXBuildFile; fileRef = D59CFD3DCD90ABFAB20AD9C0 /* lhash.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		F900CECC7DC644E23A6EC62D /* hpke.h in Headers */ = {isa = PBXBuildFile; fileRef = 8C65A57ABA86D465E1841487 /* hpke.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F918A94C16E64973D98675C8 /* pkcs7.h in Headers */ = {isa = PBXBuildFile; fileRef = 6AA1572652AFC02649AA2848 /* pkcs7.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F9992D5CE64E36EBFBDA08E1 /* ecdh.h in Headers */ = {isa = PBXBuildFile; fileRef = 86F89D86863E3B2D97999695 /* ecdh.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		F9A0392CA390E6C639DCC651 /* pkcs7.h in Headers */ = {isa = PBXBuildFile; fileRef = D4FEC537487B758919C902F5 /* pkcs7.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -1522,6 +1564,7 @@
 		0364AE25EC6FD2BB69A2CCAD /* storeerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = storeerr.h; sourceTree = "<group>"; };
 		037C77F003AAFA0D3DC8311A /* macros.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = macros.h; sourceTree = "<group>"; };
 		03C5406DDC91BB9939ED47D8 /* engineerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = engineerr.h; sourceTree = "<group>"; };
+		03D2F62CD2307F602F11FD6A /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		03E94F2CABD017FDAE9BF893 /* randerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = randerr.h; sourceTree = "<group>"; };
 		03EED584D5069D9DA8BFDCBB /* srtp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = srtp.h; sourceTree = "<group>"; };
 		03F401BE041495230F64FC21 /* modes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = modes.h; sourceTree = "<group>"; };
@@ -1568,6 +1611,7 @@
 		0B9DF99D54D770F6580ED0A3 /* x509v3.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509v3.h; sourceTree = "<group>"; };
 		0BB22D659B7F337E7FB1B9A0 /* obj_mac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = obj_mac.h; sourceTree = "<group>"; };
 		0BBC589E93F68C127358DB22 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = "<group>"; };
+		0BD49B1916C23C6E74B12885 /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		0C4CFA66E97D448DDFB264CD /* cryptoerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cryptoerr.h; sourceTree = "<group>"; };
 		0C64CFA26ACBC1825BD90FEF /* opensslconf.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = opensslconf.h; sourceTree = "<group>"; };
 		0C8251E6CB517C77B811B37B /* self_test.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = self_test.h; sourceTree = "<group>"; };
@@ -1618,6 +1662,7 @@
 		1649D689D51D7407872A7EFE /* pkcs12.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pkcs12.h; sourceTree = "<group>"; };
 		165E55137D03F6ECD40DD68C /* libcrypto.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libcrypto.a; sourceTree = "<group>"; };
 		1665599D638EBD7AF5418ABF /* whrlpool.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = whrlpool.h; sourceTree = "<group>"; };
+		16CAAD34F507F87BDEC6F45B /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		16D733238863EC94A4052C11 /* evp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = evp.h; sourceTree = "<group>"; };
 		16F757E6BE0BC729D9920474 /* fips_names.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = fips_names.h; sourceTree = "<group>"; };
 		171E44DDB72A65BC6DD9DC73 /* stack.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = stack.h; sourceTree = "<group>"; };
@@ -1632,6 +1677,7 @@
 		17E3551F1F1236078D680D14 /* cmac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmac.h; sourceTree = "<group>"; };
 		18AA7304B3EE8050CB693ED9 /* conf_api.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = conf_api.h; sourceTree = "<group>"; };
 		18BC976856DEC375D5D48971 /* cmserr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmserr.h; sourceTree = "<group>"; };
+		190B6CC5EB4C2661E3168A4A /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		193859BC4B5199EC46C8D832 /* core_names.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = core_names.h; sourceTree = "<group>"; };
 		194103E6251C02AB1E43F220 /* lhash.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = lhash.h; sourceTree = "<group>"; };
 		19BA13B555702CA706F61D82 /* randerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = randerr.h; sourceTree = "<group>"; };
@@ -1670,6 +1716,7 @@
 		1FB7354255A5FD83E209A8F0 /* whrlpool.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = whrlpool.h; sourceTree = "<group>"; };
 		1FECB32D8857CC0192667932 /* x509err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509err.h; sourceTree = "<group>"; };
 		1FEEDA8E6B25C5C57450D0FE /* md5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = md5.h; sourceTree = "<group>"; };
+		1FFF43C3AED633E4211DEB32 /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		202EFDE402F48D3FF4A70DA7 /* txt_db.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = txt_db.h; sourceTree = "<group>"; };
 		207BEE5163BA8E1718F5C2BF /* decoder.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = decoder.h; sourceTree = "<group>"; };
 		2089F71C31499568B996BC4E /* rsa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rsa.h; sourceTree = "<group>"; };
@@ -1697,10 +1744,12 @@
 		25575FDE5585CC316A97E10D /* libssl.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libssl.a; sourceTree = "<group>"; };
 		2569F41A67CA98BB31FFC709 /* cmac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmac.h; sourceTree = "<group>"; };
 		256E29C0F3C47261338F7FE4 /* comperr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = comperr.h; sourceTree = "<group>"; };
+		25A3E9B946A8250068D58162 /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		26065A346D822C49295AB12D /* cms.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cms.h; sourceTree = "<group>"; };
 		2626EC58CFDB641D274A21B9 /* evperr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = evperr.h; sourceTree = "<group>"; };
 		262DAEC63FC95FBB1B81CDCA /* params.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = params.h; sourceTree = "<group>"; };
 		26448C9683693C98C5FF7DE5 /* srp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = srp.h; sourceTree = "<group>"; };
+		264A016BBC3448DA4C4D9E6C /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
 		26505C5C85330F549C598185 /* fips_names.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = fips_names.h; sourceTree = "<group>"; };
 		265D2A1332445DA74D07FF55 /* configuration.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = configuration.h; sourceTree = "<group>"; };
 		2673850595BF7C7667163D58 /* ecdh.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ecdh.h; sourceTree = "<group>"; };
@@ -1780,7 +1829,6 @@
 		342559342455367DE56C7272 /* evp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = evp.h; sourceTree = "<group>"; };
 		343258EBF9207710DCF8FD6A /* ebcdic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ebcdic.h; sourceTree = "<group>"; };
 		343671AC037AC0843F0F4E18 /* obj_mac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = obj_mac.h; sourceTree = "<group>"; };
-		34959D5AF4ED86D7BEDAA357 /* OpenSSL.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenSSL.h; sourceTree = "<group>"; };
 		34ACBC3991F158F8156B329C /* kdferr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = kdferr.h; sourceTree = "<group>"; };
 		34DB9DBA053C9D8250AD2089 /* tls1.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = tls1.h; sourceTree = "<group>"; };
 		34E916917C094926699362D1 /* objectserr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = objectserr.h; sourceTree = "<group>"; };
@@ -1801,6 +1849,7 @@
 		3810C93D167840D56B2C12A5 /* asn1t.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = asn1t.h; sourceTree = "<group>"; };
 		38110217EAD01D09CB01A6B7 /* rc5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rc5.h; sourceTree = "<group>"; };
 		38345B6A55DBB593BF38E065 /* x509err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509err.h; sourceTree = "<group>"; };
+		383C8A5319576F7AD3BBCD96 /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		387D363BC9EE09B3739EFA71 /* cmac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmac.h; sourceTree = "<group>"; };
 		38DDC2AFB44D5C288C1296D1 /* ossl_typ.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ossl_typ.h; sourceTree = "<group>"; };
 		38FED88B426D2D7575833A35 /* pkcs12err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pkcs12err.h; sourceTree = "<group>"; };
@@ -1813,6 +1862,7 @@
 		3A91E0D6D81BB3FA96915331 /* comp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = comp.h; sourceTree = "<group>"; };
 		3A982A2CB0130EBAD63EFBF3 /* safestack.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = safestack.h; sourceTree = "<group>"; };
 		3AA3F2F85D6B15C3B5A56AB0 /* fipskey.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = fipskey.h; sourceTree = "<group>"; };
+		3ABB10DC5797C78C86EAAF96 /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		3AC18E5A3E4161FFB93D5CCD /* sslerr_legacy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = sslerr_legacy.h; sourceTree = "<group>"; };
 		3AD97934F887021D6CCAE3A7 /* asn1err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = asn1err.h; sourceTree = "<group>"; };
 		3AF704DBD22BCFDE8685939E /* buffererr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = buffererr.h; sourceTree = "<group>"; };
@@ -1827,7 +1877,6 @@
 		3CDFB625226C6B43CE2D8DB1 /* dtls1.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = dtls1.h; sourceTree = "<group>"; };
 		3D03DA1114DF90CF2ABCA1A9 /* cryptoerr_legacy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cryptoerr_legacy.h; sourceTree = "<group>"; };
 		3D16AE2FE1056F3ACC65B399 /* camellia.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = camellia.h; sourceTree = "<group>"; };
-		3D1E4EDFFB8A21D8C21AF1AB /* OpenSSL.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenSSL.h; sourceTree = "<group>"; };
 		3D7A2E17639779AACA75E020 /* ecdsa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ecdsa.h; sourceTree = "<group>"; };
 		3D7FFB3388A1E430383343DF /* fips_names.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = fips_names.h; sourceTree = "<group>"; };
 		3D8A7E62C0CF2AF3417C8135 /* whrlpool.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = whrlpool.h; sourceTree = "<group>"; };
@@ -1848,7 +1897,6 @@
 		3F522B7C81B40AB8C530685F /* self_test.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = self_test.h; sourceTree = "<group>"; };
 		3FC4C880C33210EE2B5ADDD6 /* ecdsa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ecdsa.h; sourceTree = "<group>"; };
 		3FFD27D4711D8F1EFD8F2F45 /* objects.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = objects.h; sourceTree = "<group>"; };
-		402F3A62F32C2933D12132DE /* OpenSSL.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenSSL.h; sourceTree = "<group>"; };
 		402F7C57C84CC7C8AB126F6C /* x509v3err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509v3err.h; sourceTree = "<group>"; };
 		405168850DFDDA9306520D4A /* bnerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = bnerr.h; sourceTree = "<group>"; };
 		406E757586B7D33EFC5778DA /* kdf.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = kdf.h; sourceTree = "<group>"; };
@@ -1911,6 +1959,7 @@
 		485D5B51C0E2A691C6DBB486 /* md4.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = md4.h; sourceTree = "<group>"; };
 		487E920FDB5170F23A06C0B3 /* cmac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmac.h; sourceTree = "<group>"; };
 		48F5C9EEA4A67900A73B2BAA /* ssl2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ssl2.h; sourceTree = "<group>"; };
+		490FA5B3839A23871C3A1BBB /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
 		49235C453E88D63810AB167B /* core_dispatch.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = core_dispatch.h; sourceTree = "<group>"; };
 		49387CC6B6BC55F06BBCDAD5 /* pkcs7.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pkcs7.h; sourceTree = "<group>"; };
 		498A4E142FBD723C99C7E374 /* provider.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = provider.h; sourceTree = "<group>"; };
@@ -1997,7 +2046,9 @@
 		563F77AD5688A58E86B0326B /* symhacks.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = symhacks.h; sourceTree = "<group>"; };
 		567F79F37C256F6DFEBA36DC /* txt_db.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = txt_db.h; sourceTree = "<group>"; };
 		56928E50A7CA76C52607EA1D /* comperr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = comperr.h; sourceTree = "<group>"; };
+		5693743FEF16005E4620BCD0 /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		56F8A2E48FECB8CD5B725C67 /* cms.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cms.h; sourceTree = "<group>"; };
+		5705B5156AB691810ABB5409 /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
 		57086C953A8871542F80557D /* buffererr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = buffererr.h; sourceTree = "<group>"; };
 		57E2749E6B1D0948A293E0FE /* asn1t.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = asn1t.h; sourceTree = "<group>"; };
 		5859DBD990DB33CBFD67406B /* cmp_util.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmp_util.h; sourceTree = "<group>"; };
@@ -2013,6 +2064,7 @@
 		59959F1B0518BE74B17A8991 /* prov_ssl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = prov_ssl.h; sourceTree = "<group>"; };
 		59A81235D7B170C32B3ED3BC /* storeerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = storeerr.h; sourceTree = "<group>"; };
 		59BC78A878EB32282D6114F2 /* lhash.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = lhash.h; sourceTree = "<group>"; };
+		59E2BE985F0A006A9757778B /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		5A3B9988067483C590060E48 /* OpenSSL.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = OpenSSL.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		5A4C57C80C05AFA780C03082 /* param_build.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = param_build.h; sourceTree = "<group>"; };
 		5A5A730F0044794A4D19E911 /* symhacks.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = symhacks.h; sourceTree = "<group>"; };
@@ -2043,6 +2095,7 @@
 		5E3F9819D03EC500B61A5579 /* cmp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmp.h; sourceTree = "<group>"; };
 		5E5A9B68E6EB3FB30404AA26 /* cmperr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmperr.h; sourceTree = "<group>"; };
 		5E654DA486CECAE2803FAB0A /* obj_mac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = obj_mac.h; sourceTree = "<group>"; };
+		5E994EBA75692A2B3A1CB8A5 /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		5EABBAACCB91DA4273BA36A7 /* tls1.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = tls1.h; sourceTree = "<group>"; };
 		5EF1DDAA3D0D74BB9216F119 /* fipskey.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = fipskey.h; sourceTree = "<group>"; };
 		5F00A57A39009076ED4BA1C3 /* md5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = md5.h; sourceTree = "<group>"; };
@@ -2129,6 +2182,7 @@
 		6E565C8A66CAB0B72ED44CC3 /* pkcs7err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pkcs7err.h; sourceTree = "<group>"; };
 		6E60EC6358276371BDFB85A8 /* md2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = md2.h; sourceTree = "<group>"; };
 		6EEDC8D98914144FAE534546 /* encodererr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = encodererr.h; sourceTree = "<group>"; };
+		6F1A2ED264A8872A7682ADBC /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		6F1BCF41A8F28992EB6D33E1 /* cms.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cms.h; sourceTree = "<group>"; };
 		6F6BD1C9D973C5CE08F61C02 /* conf_api.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = conf_api.h; sourceTree = "<group>"; };
 		6F9100949A44BDE4D3F5902E /* pkcs7err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pkcs7err.h; sourceTree = "<group>"; };
@@ -2204,11 +2258,13 @@
 		7DCBCE79BDFA82140C7ACC54 /* fips_names.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = fips_names.h; sourceTree = "<group>"; };
 		7DDE849E0609AB233C4602CB /* rand.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rand.h; sourceTree = "<group>"; };
 		7E069D672281873AE1569E4E /* httperr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = httperr.h; sourceTree = "<group>"; };
+		7E14226DFC71F8A8761A2446 /* OpenSSL.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenSSL.h; sourceTree = "<group>"; };
 		7EC5289DD084F7EC1CDA77A8 /* x509_vfy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509_vfy.h; sourceTree = "<group>"; };
 		7EFDE9A03D5B9BC74324ABE4 /* ssl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ssl.h; sourceTree = "<group>"; };
 		7F639705F77D0F933F74B8E6 /* tserr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = tserr.h; sourceTree = "<group>"; };
 		7F659F1EB750F6F732810613 /* bioerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = bioerr.h; sourceTree = "<group>"; };
 		7F90935A884CB4EA89C907CF /* srtp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = srtp.h; sourceTree = "<group>"; };
+		7FA92DB50774F165A25040D5 /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		7FD0BF19291BD6057A49E08A /* x509_vfy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509_vfy.h; sourceTree = "<group>"; };
 		7FD43D62FD5619429CB1F60B /* asn1t.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = asn1t.h; sourceTree = "<group>"; };
 		8076B580BB3CB71396662E9E /* e_os2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_os2.h; sourceTree = "<group>"; };
@@ -2219,6 +2275,7 @@
 		8120C1387BA8241B138D03E4 /* obj_mac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = obj_mac.h; sourceTree = "<group>"; };
 		8133F100B3FF75005590454E /* proverr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = proverr.h; sourceTree = "<group>"; };
 		81B734B1AC14E7872A14BD0D /* cmp_util.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmp_util.h; sourceTree = "<group>"; };
+		81BEFF56BE349D49943FA7D3 /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
 		81DA2B1D99DAB37907148BA8 /* cms.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cms.h; sourceTree = "<group>"; };
 		81E65F4461DFFAA2EC6C1558 /* dsaerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = dsaerr.h; sourceTree = "<group>"; };
 		81E96FA8528826F66A07ECF9 /* store.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = store.h; sourceTree = "<group>"; };
@@ -2243,6 +2300,8 @@
 		85BB057ADCBACBBA6C81C925 /* lhash.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = lhash.h; sourceTree = "<group>"; };
 		85E627BE5F47ACED787A238B /* core_dispatch.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = core_dispatch.h; sourceTree = "<group>"; };
 		85E8C5BEC24C740962276C62 /* bio.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = bio.h; sourceTree = "<group>"; };
+		8602928B4AAD6EEED2F26768 /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
+		8642A3DFDE400287BBA6D06F /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		8685B8E11B14A4F9406CFFA2 /* ocsp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ocsp.h; sourceTree = "<group>"; };
 		86DCD9F25B78D6C8D53A6C85 /* ecdsa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ecdsa.h; sourceTree = "<group>"; };
 		86F89D86863E3B2D97999695 /* ecdh.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ecdh.h; sourceTree = "<group>"; };
@@ -2280,6 +2339,7 @@
 		8BF18AD9274EB5B16AB758F2 /* fipskey.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = fipskey.h; sourceTree = "<group>"; };
 		8C24E12234BAB6C59960A563 /* dsa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = dsa.h; sourceTree = "<group>"; };
 		8C299F1649A19DB0551BB34C /* sslerr_legacy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = sslerr_legacy.h; sourceTree = "<group>"; };
+		8C65A57ABA86D465E1841487 /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		8CC67B2B4580F038F9B9504C /* tserr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = tserr.h; sourceTree = "<group>"; };
 		8D21FB68F541470227F26104 /* buffer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = buffer.h; sourceTree = "<group>"; };
 		8D24616A119E1A40DFC30B2A /* crmferr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = crmferr.h; sourceTree = "<group>"; };
@@ -2305,7 +2365,6 @@
 		90D0FBDFDFDA3A01157DBA58 /* http.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = http.h; sourceTree = "<group>"; };
 		911F0A6F34867341A14634AD /* conf.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = conf.h; sourceTree = "<group>"; };
 		912B4EAD5A6431EEB9D3981A /* ecdh.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ecdh.h; sourceTree = "<group>"; };
-		91B68290DE49015488EB39C2 /* OpenSSL.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenSSL.h; sourceTree = "<group>"; };
 		91C4C2AD006532C0038EDFEB /* proverr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = proverr.h; sourceTree = "<group>"; };
 		921B24491D94EE322A84EA6E /* esserr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = esserr.h; sourceTree = "<group>"; };
 		92317BDF3F92E03C4E24DE15 /* decoder.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = decoder.h; sourceTree = "<group>"; };
@@ -2344,6 +2403,7 @@
 		9954D5FE7C9D4AC8D2050DE1 /* comperr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = comperr.h; sourceTree = "<group>"; };
 		995C39CC5E9D0B43FBDA192C /* modes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = modes.h; sourceTree = "<group>"; };
 		995EF9F07156C00A052A6FCC /* x509_vfy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509_vfy.h; sourceTree = "<group>"; };
+		99A4494C466604ED425FF9D0 /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		9A25B740B6F7F4AAA9BAC560 /* buffererr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = buffererr.h; sourceTree = "<group>"; };
 		9A2D0B84C997A224706EDA1E /* core.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = core.h; sourceTree = "<group>"; };
 		9AC2A7EC15A01471C6D7E671 /* tls1.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = tls1.h; sourceTree = "<group>"; };
@@ -2357,7 +2417,6 @@
 		9BE2A704F2CC399B98695E87 /* OpenSSL.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = OpenSSL.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		9BEE0B2948F059D6164ECF7A /* symhacks.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = symhacks.h; sourceTree = "<group>"; };
 		9C0A06BD0981908AD68D7188 /* des.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = des.h; sourceTree = "<group>"; };
-		9C5825B655693C39829EC716 /* OpenSSL.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenSSL.h; sourceTree = "<group>"; };
 		9C65D3752CE73FDD24EFADD6 /* ebcdic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ebcdic.h; sourceTree = "<group>"; };
 		9C6E29BFF615E0A3B5B07590 /* crmf.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = crmf.h; sourceTree = "<group>"; };
 		9C7DC29ED6845CB8EDEA969A /* crypto.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = crypto.h; sourceTree = "<group>"; };
@@ -2369,9 +2428,10 @@
 		9D6BDD0E24BD1026515F4E55 /* ripemd.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ripemd.h; sourceTree = "<group>"; };
 		9DD96A2B5FF883B52E235EC6 /* asn1err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = asn1err.h; sourceTree = "<group>"; };
 		9E299E98D192E9AB5A716D04 /* buffer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = buffer.h; sourceTree = "<group>"; };
+		9E84BC8E7F09035F15435BFB /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		9EC20C9F06A56B5CCEBB6729 /* asn1err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = asn1err.h; sourceTree = "<group>"; };
-		9EDB1786864748E6C6BEE141 /* OpenSSL.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenSSL.h; sourceTree = "<group>"; };
 		9EF6CE1456086C367B82EC3A /* pemerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pemerr.h; sourceTree = "<group>"; };
+		9F04D6DFF4EE3B6B4B19E7C0 /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		9F23E46F3552299745DDB8A3 /* lhash.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = lhash.h; sourceTree = "<group>"; };
 		9F2A56B30CE715E8232555DD /* cryptoerr_legacy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cryptoerr_legacy.h; sourceTree = "<group>"; };
 		9F4233BF26364220D5E6AD84 /* conf.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = conf.h; sourceTree = "<group>"; };
@@ -2402,6 +2462,7 @@
 		A3B95E24D0DCC5DC39F53E2E /* types.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = types.h; sourceTree = "<group>"; };
 		A3D1EA851995B2E1829B284A /* dtls1.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = dtls1.h; sourceTree = "<group>"; };
 		A3ED9DAF631A6660811A8447 /* crypto.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = crypto.h; sourceTree = "<group>"; };
+		A41DADC4D994465AEF9C5655 /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		A42C070A23BB68059176049D /* ecdsa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ecdsa.h; sourceTree = "<group>"; };
 		A432D3885F08BD3D0A786CDF /* evp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = evp.h; sourceTree = "<group>"; };
 		A451CC8B9E19EAA0C0777714 /* cast.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cast.h; sourceTree = "<group>"; };
@@ -2411,6 +2472,7 @@
 		A58E4E6EF14672FFFA003253 /* rc5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rc5.h; sourceTree = "<group>"; };
 		A5924A8DFBD0F67070311BAF /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = "<group>"; };
 		A5BBB53DFC4A08302BEC3AD9 /* kdferr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = kdferr.h; sourceTree = "<group>"; };
+		A60B0E00715FDFCD0419710B /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		A61D4B304C6740C59524023E /* bio.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = bio.h; sourceTree = "<group>"; };
 		A71A0FD67C6FD9A712543050 /* opensslconf.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = opensslconf.h; sourceTree = "<group>"; };
 		A71C183ECE9A5F763431CD9C /* dh.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = dh.h; sourceTree = "<group>"; };
@@ -2461,6 +2523,7 @@
 		AF78C2A9EEB11E36A2CC1AFD /* libssl.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libssl.a; sourceTree = "<group>"; };
 		AF9155B2FB190A4204C5DCA3 /* opensslv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = opensslv.h; sourceTree = "<group>"; };
 		B082D1E43FF51D085F69F684 /* rc2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rc2.h; sourceTree = "<group>"; };
+		B0C110F767A684A6A3D58FF0 /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		B0D2504CF59CE967E81ED5F4 /* cast.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cast.h; sourceTree = "<group>"; };
 		B109FEC1FFF9EFFB51188E76 /* ssl3.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ssl3.h; sourceTree = "<group>"; };
 		B126D54BF4FC7ECB4D54C10D /* comp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = comp.h; sourceTree = "<group>"; };
@@ -2527,6 +2590,7 @@
 		BB797C3F68065EAD009A6CE5 /* conf_api.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = conf_api.h; sourceTree = "<group>"; };
 		BB859A8FE2409A4DDBEAFA59 /* cmac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmac.h; sourceTree = "<group>"; };
 		BB91AC448BA95839FAB7BE04 /* shim.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = shim.h; sourceTree = "<group>"; };
+		BBA9E43D4CB9492C2FCD1F58 /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		BBBF3903AFF549A83CBCFDA9 /* libssl.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libssl.a; sourceTree = "<group>"; };
 		BBF132D900DE4ADD73FA9C0D /* encodererr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = encodererr.h; sourceTree = "<group>"; };
 		BC2CAFA24A882570590972A2 /* ssl2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ssl2.h; sourceTree = "<group>"; };
@@ -2548,6 +2612,7 @@
 		BFC48C3156D05EB8FFFD75A5 /* ec.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ec.h; sourceTree = "<group>"; };
 		C00A64C72EC00D4DD0D7A2D0 /* core_names.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = core_names.h; sourceTree = "<group>"; };
 		C0386BDFA5C3B190E184C58A /* engineerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = engineerr.h; sourceTree = "<group>"; };
+		C03FEB21CDD64CBC73DBDE8C /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		C071E308DCC39BB8AFB11DA1 /* param_build.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = param_build.h; sourceTree = "<group>"; };
 		C0845D78B79FF7C282A20FDB /* ui.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ui.h; sourceTree = "<group>"; };
 		C0F553BF24445EA18DD0BBC1 /* pkcs12.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pkcs12.h; sourceTree = "<group>"; };
@@ -2585,7 +2650,6 @@
 		C7CEBD8E9A2AD3D2B872B012 /* bnerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = bnerr.h; sourceTree = "<group>"; };
 		C809D6EBCBC76A787E015E20 /* pkcs12.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pkcs12.h; sourceTree = "<group>"; };
 		C8887B65C661EA2502C7597F /* seed.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = seed.h; sourceTree = "<group>"; };
-		C8D2F44803471457A6692DDB /* OpenSSL.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenSSL.h; sourceTree = "<group>"; };
 		C8DD3A0425A400CA22567DC4 /* md4.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = md4.h; sourceTree = "<group>"; };
 		C8EF1B7C7AF49C3A88FA9821 /* dherr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = dherr.h; sourceTree = "<group>"; };
 		C93F4DB2E55422C14D0D010F /* opensslv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = opensslv.h; sourceTree = "<group>"; };
@@ -2599,6 +2663,7 @@
 		CA691A8BFCEB86C768547D37 /* OpenSSL.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = OpenSSL.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		CA9417FD197F0BB3D5C6C84F /* ess.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ess.h; sourceTree = "<group>"; };
 		CA98449FDD51B58B7531B942 /* crmf.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = crmf.h; sourceTree = "<group>"; };
+		CAB86FBBB1E9619FAA04A807 /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		CAF1307DF83C1293FEA1E71D /* conftypes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = conftypes.h; sourceTree = "<group>"; };
 		CB3E03C5A3FE63D873DF1DB2 /* ebcdic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ebcdic.h; sourceTree = "<group>"; };
 		CBAD7D77BD901E8005FF4EAA /* crmf.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = crmf.h; sourceTree = "<group>"; };
@@ -2623,9 +2688,11 @@
 		CE950CB6B0A4901B8CCFCD4A /* pem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pem.h; sourceTree = "<group>"; };
 		CEB01FE701AC2DEEC40CFA38 /* conf.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = conf.h; sourceTree = "<group>"; };
 		CEBFB472E7D5E78A296B8411 /* rc4.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rc4.h; sourceTree = "<group>"; };
+		CECD89BFDB53774306EA2776 /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
 		CED01D88B67FDE6EB7B2B434 /* httperr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = httperr.h; sourceTree = "<group>"; };
 		CEF2C3AA48BAB3DDE1D6DAD7 /* conf_api.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = conf_api.h; sourceTree = "<group>"; };
 		CF2F706D3E94CF096A0081FC /* configuration.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = configuration.h; sourceTree = "<group>"; };
+		CF42E9C84BCB182000702A74 /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		CF645AEC5D9624AAFDDB71F6 /* rc4.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rc4.h; sourceTree = "<group>"; };
 		CF6AFCD344CDEAD91ADF877D /* safestack.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = safestack.h; sourceTree = "<group>"; };
 		CFC858177387067A6F850861 /* objects.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = objects.h; sourceTree = "<group>"; };
@@ -2701,14 +2768,15 @@
 		DD92D7D1F3AD549F770F97D6 /* x509.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509.h; sourceTree = "<group>"; };
 		DDA7BFEB5C6A752DD9D6553C /* conf_api.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = conf_api.h; sourceTree = "<group>"; };
 		DDB683985E015BF925BE1BCC /* aes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = aes.h; sourceTree = "<group>"; };
-		DE418C7E56A68380E0665553 /* OpenSSL.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenSSL.h; sourceTree = "<group>"; };
 		DE46D988438DF710978E4A6E /* tserr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = tserr.h; sourceTree = "<group>"; };
+		DE5EB365D619CF6272836764 /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
 		DE65FA0FAEC711AC464A1A50 /* dtls1.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = dtls1.h; sourceTree = "<group>"; };
 		DE68E08D2509BF2FA0AEC93C /* srtp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = srtp.h; sourceTree = "<group>"; };
 		DE7C7D6AAE37A2F5A53D82C8 /* kdferr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = kdferr.h; sourceTree = "<group>"; };
 		DEB7BB1C124399F26F6BE1ED /* http.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = http.h; sourceTree = "<group>"; };
 		DED6C1D6C7272443935B204A /* bioerr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = bioerr.h; sourceTree = "<group>"; };
 		DEE26182A9F4EB9A0591A12E /* x509_vfy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509_vfy.h; sourceTree = "<group>"; };
+		DF823CA75105088CD7C09373 /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		DF982EA3C6F1D45E7FED556A /* ripemd.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ripemd.h; sourceTree = "<group>"; };
 		DF9E3F02A5ACB991C38EEA47 /* x509.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509.h; sourceTree = "<group>"; };
 		DFA46FC4F668A2760C39E8F8 /* rc2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rc2.h; sourceTree = "<group>"; };
@@ -2732,6 +2800,7 @@
 		E2E44813F3777B9BB526B587 /* comp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = comp.h; sourceTree = "<group>"; };
 		E331F07A4AB2DEF92D64B6C3 /* cmserr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmserr.h; sourceTree = "<group>"; };
 		E3649CCC63B428922D7624C7 /* rc4.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rc4.h; sourceTree = "<group>"; };
+		E39E2944DA957015BFBC62C1 /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
 		E3D1D1999440E74B2FD407F8 /* rc2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rc2.h; sourceTree = "<group>"; };
 		E3E70D3C9545BB932545FE02 /* x509v3.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509v3.h; sourceTree = "<group>"; };
 		E3E8B2DCE7963DFAD689C4A0 /* asn1.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = asn1.h; sourceTree = "<group>"; };
@@ -2774,6 +2843,7 @@
 		E993505127E16E7D389B8377 /* ts.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ts.h; sourceTree = "<group>"; };
 		E9B673E02FB3B57A7BFCE723 /* evp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = evp.h; sourceTree = "<group>"; };
 		E9B7C758616575DB14E03167 /* md2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = md2.h; sourceTree = "<group>"; };
+		E9CCF76F48078D8FD1160D65 /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
 		E9D6F6080A15C9A38188ABC2 /* des.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = des.h; sourceTree = "<group>"; };
 		E9E6A66DCF9D45F12B7518F4 /* decodererr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = decodererr.h; sourceTree = "<group>"; };
 		E9FB5C36C0AC68E8E8316DA6 /* hmac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hmac.h; sourceTree = "<group>"; };
@@ -2800,6 +2870,7 @@
 		EDDC8FA0CAF66B98FAE7B856 /* ssl3.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ssl3.h; sourceTree = "<group>"; };
 		EE3BC5E6D4DB9A2073C24884 /* ts.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ts.h; sourceTree = "<group>"; };
 		EE45251BEBCFC8638BFBC529 /* buffererr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = buffererr.h; sourceTree = "<group>"; };
+		EE7E8FA8BE93CCC716243818 /* thread.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = thread.h; sourceTree = "<group>"; };
 		EE8434FE99130917E8F3E06F /* cmac.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmac.h; sourceTree = "<group>"; };
 		EF18885EDA6FD714D859BE1B /* rsa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = rsa.h; sourceTree = "<group>"; };
 		EF2A5D0FDAE086FA4DB1D94B /* cmserr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmserr.h; sourceTree = "<group>"; };
@@ -2808,6 +2879,7 @@
 		EFFB437671A04184E3AF91A1 /* kdferr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = kdferr.h; sourceTree = "<group>"; };
 		F01A75359DA57A503702F209 /* cterr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cterr.h; sourceTree = "<group>"; };
 		F0423013DD0B8C3126F32DD8 /* evp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = evp.h; sourceTree = "<group>"; };
+		F0485C4FB820E5381173A974 /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		F07667AFB6917D3DA2C775E1 /* modes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = modes.h; sourceTree = "<group>"; };
 		F0BCEF9A638774740E17FE33 /* param_build.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = param_build.h; sourceTree = "<group>"; };
 		F0CBA0990ED1523B7B9A9747 /* ocsp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ocsp.h; sourceTree = "<group>"; };
@@ -2890,6 +2962,7 @@
 		FE13FCFD9C3B7A6823E58488 /* dh.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = dh.h; sourceTree = "<group>"; };
 		FE9D9071ABAB35F7E3087330 /* err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = err.h; sourceTree = "<group>"; };
 		FECAC39F36167A3B3D960D2A /* md5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = md5.h; sourceTree = "<group>"; };
+		FED1B84CF5DE8F5D7218F9C4 /* quic.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = quic.h; sourceTree = "<group>"; };
 		FF236D17F56A4B4A457BC573 /* x509v3err.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x509v3err.h; sourceTree = "<group>"; };
 		FF31BEC6EC31634954EFAD19 /* cms.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cms.h; sourceTree = "<group>"; };
 		FF41C41F6175A869958867B8 /* pem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pem.h; sourceTree = "<group>"; };
@@ -2897,8 +2970,10 @@
 		FF88F629F3103B58B4EC890C /* cmperr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmperr.h; sourceTree = "<group>"; };
 		FF89BEF4ADDF6A2A7938D927 /* blowfish.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = blowfish.h; sourceTree = "<group>"; };
 		FF9989DF0A8DFBFF0C30BF40 /* ocsperr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ocsperr.h; sourceTree = "<group>"; };
+		FFBAC2B9F5D60CD567CCE46E /* hpke.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hpke.h; sourceTree = "<group>"; };
 		FFBE61A8490DBEDC3EEFD80F /* cmp_util.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = cmp_util.h; sourceTree = "<group>"; };
 		FFE871467A259C1FEF396A5D /* core_names.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = core_names.h; sourceTree = "<group>"; };
+		FFFB0CE58E5DFED2BCE6F345 /* e_ostime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = e_ostime.h; sourceTree = "<group>"; };
 		FFFD335E53C04B290CA0F2FF /* ripemd.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ripemd.h; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
@@ -3008,7 +3083,6 @@
 			isa = PBXGroup;
 			children = (
 				23FF668F739297749EC722EE /* Info.plist */,
-				91B68290DE49015488EB39C2 /* OpenSSL.h */,
 			);
 			path = macos_catalyst;
 			sourceTree = "<group>";
@@ -3064,6 +3138,7 @@
 				81E65F4461DFFAA2EC6C1558 /* dsaerr.h */,
 				51FAA4E60AA67A24933BCA30 /* dtls1.h */,
 				543B10BA6D870FBA38793D67 /* e_os2.h */,
+				99A4494C466604ED425FF9D0 /* e_ostime.h */,
 				6C38CA2BD48DDF1682EC9708 /* ebcdic.h */,
 				ABC5966B4865CAD3FE84FC3B /* ec.h */,
 				B5E1174BDBBE69390F071B9E /* ecdh.h */,
@@ -3081,6 +3156,7 @@
 				FAE4A2AE251FFA0082899CFA /* fips_names.h */,
 				163E94956763F5297C7A9438 /* fipskey.h */,
 				1458E347AEE235FA4C201689 /* hmac.h */,
+				8642A3DFDE400287BBA6D06F /* hpke.h */,
 				254078C50A105864F0267F13 /* http.h */,
 				415D050E37CAA915C3BE4395 /* httperr.h */,
 				2B91C8E24A75CAF0B8909C80 /* idea.h */,
@@ -3113,6 +3189,7 @@
 				FF7999F7E93BAEDE93A49369 /* prov_ssl.h */,
 				8133F100B3FF75005590454E /* proverr.h */,
 				5AD229A7F75109DF50B59EF4 /* provider.h */,
+				1FFF43C3AED633E4211DEB32 /* quic.h */,
 				B49E7BAF7FF7181A4FEDEE29 /* rand.h */,
 				36B750F36C24178D86D17310 /* randerr.h */,
 				B082D1E43FF51D085F69F684 /* rc2.h */,
@@ -3137,6 +3214,7 @@
 				3DD444ABA0D585CA1434D439 /* store.h */,
 				90383FCE6356EB24D039FE00 /* storeerr.h */,
 				563F77AD5688A58E86B0326B /* symhacks.h */,
+				CECD89BFDB53774306EA2776 /* thread.h */,
 				12ED4DD2BF4067B341E608A7 /* tls1.h */,
 				5BCFD2A6E75D17F1EA6D8151 /* trace.h */,
 				87B5A00220F996BB4C5500FA /* ts.h */,
@@ -3202,7 +3280,6 @@
 			isa = PBXGroup;
 			children = (
 				0283B538FA44B45A84484D6A /* Info.plist */,
-				34959D5AF4ED86D7BEDAA357 /* OpenSSL.h */,
 			);
 			path = appletvsimulator;
 			sourceTree = "<group>";
@@ -3285,6 +3362,7 @@
 				3C767D0079E32697D44B80BE /* dsaerr.h */,
 				DE65FA0FAEC711AC464A1A50 /* dtls1.h */,
 				796A24F4F97D09DB87233172 /* e_os2.h */,
+				DF823CA75105088CD7C09373 /* e_ostime.h */,
 				343258EBF9207710DCF8FD6A /* ebcdic.h */,
 				6C83E7C6CE0EDFE077662E7A /* ec.h */,
 				E50CDA6CCD6ADCC54CA8643F /* ecdh.h */,
@@ -3302,6 +3380,7 @@
 				2D4B87EF8E2E9EF29284E010 /* fips_names.h */,
 				B566CE9AD5B08A3DE4E5AC84 /* fipskey.h */,
 				5AED308A51563FB1B4B46B8F /* hmac.h */,
+				59E2BE985F0A006A9757778B /* hpke.h */,
 				FC52199800EE4B64893D8F5B /* http.h */,
 				F9C58CA2AC2E67559E363BCF /* httperr.h */,
 				140FDE4FE8D52990BFEF747D /* idea.h */,
@@ -3334,6 +3413,7 @@
 				E236612476C93C6E8302C502 /* prov_ssl.h */,
 				0AD35CEF8DA55B59FB3A8BCE /* proverr.h */,
 				88C481768B30B1CDD6231024 /* provider.h */,
+				03D2F62CD2307F602F11FD6A /* quic.h */,
 				31563DC2AF77FA67DB2B4F65 /* rand.h */,
 				43D078BEA90850DDCB59D79C /* randerr.h */,
 				E3D1D1999440E74B2FD407F8 /* rc2.h */,
@@ -3358,6 +3438,7 @@
 				B865ED6315719455589C1559 /* store.h */,
 				2EBB31F43626D400ABB81678 /* storeerr.h */,
 				9BEE0B2948F059D6164ECF7A /* symhacks.h */,
+				E39E2944DA957015BFBC62C1 /* thread.h */,
 				EA03CF68E8EC08E7E2336E50 /* tls1.h */,
 				E18FD332B3618F00EEDF35F4 /* trace.h */,
 				2810AC3B919702AF1361A0BD /* ts.h */,
@@ -3427,6 +3508,7 @@
 				7322220487D70D488A719C8D /* dsaerr.h */,
 				3CDFB625226C6B43CE2D8DB1 /* dtls1.h */,
 				8076B580BB3CB71396662E9E /* e_os2.h */,
+				A60B0E00715FDFCD0419710B /* e_ostime.h */,
 				CB3E03C5A3FE63D873DF1DB2 /* ebcdic.h */,
 				A45DAA9E729BE3D7054DCEE2 /* ec.h */,
 				8AA4BD793F12B9FA99B9F86D /* ecdh.h */,
@@ -3444,6 +3526,7 @@
 				16F757E6BE0BC729D9920474 /* fips_names.h */,
 				5EF1DDAA3D0D74BB9216F119 /* fipskey.h */,
 				E9FB5C36C0AC68E8E8316DA6 /* hmac.h */,
+				FFBAC2B9F5D60CD567CCE46E /* hpke.h */,
 				53298046092A0C5D01A6C0DA /* http.h */,
 				7E069D672281873AE1569E4E /* httperr.h */,
 				6D65AF8401CDC07CC4867DAB /* idea.h */,
@@ -3476,6 +3559,7 @@
 				EBD8136177350931FD6B8645 /* prov_ssl.h */,
 				B212DD85EF48099AC03E29D7 /* proverr.h */,
 				FDA7B4DB81753408DA091C21 /* provider.h */,
+				5693743FEF16005E4620BCD0 /* quic.h */,
 				421B27155B3864992E0F65FD /* rand.h */,
 				B47C913FB4DCA7F3F1C63DDE /* randerr.h */,
 				B4A6F2CE7D5EBAA9220400C6 /* rc2.h */,
@@ -3500,6 +3584,7 @@
 				81E96FA8528826F66A07ECF9 /* store.h */,
 				D02190B9DD7C8553270AB0F9 /* storeerr.h */,
 				DBE77D35B344EBF52DA37109 /* symhacks.h */,
+				81BEFF56BE349D49943FA7D3 /* thread.h */,
 				315DA8AA55950340DF2CC1B3 /* tls1.h */,
 				8F1CCFAF6E5964C9E87DB014 /* trace.h */,
 				FE0514559D66CA387809E1DB /* ts.h */,
@@ -3531,7 +3616,6 @@
 			isa = PBXGroup;
 			children = (
 				0BBC589E93F68C127358DB22 /* Info.plist */,
-				C8D2F44803471457A6692DDB /* OpenSSL.h */,
 			);
 			path = iphoneos;
 			sourceTree = "<group>";
@@ -3549,6 +3633,7 @@
 				FEC0D04CFF2194893602E6F3 /* visionsimulator */,
 				CB744F43ED8DA4C5721D2B49 /* watchos */,
 				EE611C7AD148FADB5E164001 /* watchsimulator */,
+				7E14226DFC71F8A8761A2446 /* OpenSSL.h */,
 				CD20DE50707AD73FB57BFCD5 /* PrivacyInfo.xcprivacy */,
 			);
 			path = support;
@@ -3614,6 +3699,7 @@
 				E49FAE067533A64F8F2D017C /* dsaerr.h */,
 				C3E70C14F781AD4CF234AB04 /* dtls1.h */,
 				4F117B5E2D78AEAB1252BFFF /* e_os2.h */,
+				B0C110F767A684A6A3D58FF0 /* e_ostime.h */,
 				9B68C02C64F7737099B2C9BB /* ebcdic.h */,
 				49E5FFA0057B12C48BFD40DC /* ec.h */,
 				66BFB63E4CE0F7D5141AEAF2 /* ecdh.h */,
@@ -3631,6 +3717,7 @@
 				26505C5C85330F549C598185 /* fips_names.h */,
 				D55B2E33E0A57AE420AF1F6B /* fipskey.h */,
 				42EA0EBC7DE1A8C7ACB53415 /* hmac.h */,
+				9E84BC8E7F09035F15435BFB /* hpke.h */,
 				ADFA1B6E3735012A367D25A5 /* http.h */,
 				CED01D88B67FDE6EB7B2B434 /* httperr.h */,
 				901905AD035E2A9097588C3F /* idea.h */,
@@ -3663,6 +3750,7 @@
 				AE0E1470B4E821D78C910BE3 /* prov_ssl.h */,
 				C2EF59AD0968A878D4E85DFB /* proverr.h */,
 				43C45560A2C578607FAF9CCE /* provider.h */,
+				F0485C4FB820E5381173A974 /* quic.h */,
 				CC902BB30517DB83D41F142A /* rand.h */,
 				B91E3034017627CE3A4F7A78 /* randerr.h */,
 				F710E0057A501EA7C7E63957 /* rc2.h */,
@@ -3687,6 +3775,7 @@
 				60168992D423D23075FBC616 /* store.h */,
 				C2E457E39647FA3BC669DAA9 /* storeerr.h */,
 				22EDC257E7E807A318AA65EA /* symhacks.h */,
+				EE7E8FA8BE93CCC716243818 /* thread.h */,
 				85A86153707B0F3081FED65E /* tls1.h */,
 				5965B6C298C062B914FAE2C4 /* trace.h */,
 				42BD0E79A85DDE48F27B07AF /* ts.h */,
@@ -3745,7 +3834,6 @@
 			isa = PBXGroup;
 			children = (
 				3C4C72E573F84414019406FF /* Info.plist */,
-				9C5825B655693C39829EC716 /* OpenSSL.h */,
 			);
 			path = macos;
 			sourceTree = "<group>";
@@ -3810,6 +3898,7 @@
 				A0CDD0A5F89CC511ECF524D8 /* dsaerr.h */,
 				B492A96D5186DD39277F16E6 /* dtls1.h */,
 				A0B56183F7628DE5FA1FE06E /* e_os2.h */,
+				A41DADC4D994465AEF9C5655 /* e_ostime.h */,
 				179AA637D336DAE17D4CC0E9 /* ebcdic.h */,
 				1F30EB2521CBB16A81DD270C /* ec.h */,
 				1C9A98475C691B7696C79025 /* ecdh.h */,
@@ -3827,6 +3916,7 @@
 				7CB77C74E2C513135ACA94C3 /* fips_names.h */,
 				51AF490B8570FF53FCAEC44D /* fipskey.h */,
 				1477488E9ADF5E26409603E2 /* hmac.h */,
+				8C65A57ABA86D465E1841487 /* hpke.h */,
 				D41A22E759B24D23DB1AFDDE /* http.h */,
 				5CE17B0CCF01A71E2E0E80E6 /* httperr.h */,
 				78D4FA9A0FA2157D76EDE499 /* idea.h */,
@@ -3859,6 +3949,7 @@
 				7C637762426D432BFE7CA04E /* prov_ssl.h */,
 				6B41D4F9A567E7B631058D4B /* proverr.h */,
 				3618519CE9156865758DBE79 /* provider.h */,
+				CF42E9C84BCB182000702A74 /* quic.h */,
 				55E37A2E83DDC127073C6854 /* rand.h */,
 				03E94F2CABD017FDAE9BF893 /* randerr.h */,
 				4A27932B32073C278C14CB9F /* rc2.h */,
@@ -3883,6 +3974,7 @@
 				415B8E0CF9A36FADDB5AB61A /* store.h */,
 				0364AE25EC6FD2BB69A2CCAD /* storeerr.h */,
 				71308B424D70C88A876F6B84 /* symhacks.h */,
+				E9CCF76F48078D8FD1160D65 /* thread.h */,
 				E614E117BB6C5996BF7106CC /* tls1.h */,
 				A5195C45AE74A32315ECAB9F /* trace.h */,
 				E993505127E16E7D389B8377 /* ts.h */,
@@ -3969,6 +4061,7 @@
 				D9C734350D2109ABF93B0A3C /* dsaerr.h */,
 				3B5BAFEC2FBC59FF4137F5E8 /* dtls1.h */,
 				05B247FD2130D451C425C9DE /* e_os2.h */,
+				FFFB0CE58E5DFED2BCE6F345 /* e_ostime.h */,
 				F5214C5E1D601A261E19AE76 /* ebcdic.h */,
 				EBC4DDFBD0F2870F2483FA7A /* ec.h */,
 				912B4EAD5A6431EEB9D3981A /* ecdh.h */,
@@ -3986,6 +4079,7 @@
 				3D7FFB3388A1E430383343DF /* fips_names.h */,
 				78EFA71456E68FE5ACC31077 /* fipskey.h */,
 				658669D7751B692E1BE6D140 /* hmac.h */,
+				190B6CC5EB4C2661E3168A4A /* hpke.h */,
 				EC9D94FD6FC0BE6CFABAAE41 /* http.h */,
 				A526DE73F6F32E0BCD3C8A41 /* httperr.h */,
 				C5334D3D7ECA1AC6C737B67A /* idea.h */,
@@ -4018,6 +4112,7 @@
 				46A53CBCE6EB913832843562 /* prov_ssl.h */,
 				E5C5522D413D07409539F1D3 /* proverr.h */,
 				94E553B0126B2AF7F4D9DF05 /* provider.h */,
+				3ABB10DC5797C78C86EAAF96 /* quic.h */,
 				D0665EDDCE2280218B29B22F /* rand.h */,
 				19BA13B555702CA706F61D82 /* randerr.h */,
 				028B1C4D591824704AEE7E09 /* rc2.h */,
@@ -4042,6 +4137,7 @@
 				98812EC67E48FD11A975619E /* store.h */,
 				ECD07DE0E1E839D92A623587 /* storeerr.h */,
 				1D3B294471722B5EFFF41D26 /* symhacks.h */,
+				DE5EB365D619CF6272836764 /* thread.h */,
 				42D5B72214D4EA2F189A18B7 /* tls1.h */,
 				F3590769834395B4C699DD33 /* trace.h */,
 				6C2521BF788DFE516B801174 /* ts.h */,
@@ -4080,7 +4176,6 @@
 			isa = PBXGroup;
 			children = (
 				69B2829EF44948E27E15A3EB /* Info.plist */,
-				9EDB1786864748E6C6BEE141 /* OpenSSL.h */,
 			);
 			path = visionos;
 			sourceTree = "<group>";
@@ -4136,6 +4231,7 @@
 				11E2AF9BE70DD4F06E39ADAA /* dsaerr.h */,
 				E6C5B7A1FEAD5D07476E1D9B /* dtls1.h */,
 				1BB8658F140CAA8D3AFE4B64 /* e_os2.h */,
+				5E994EBA75692A2B3A1CB8A5 /* e_ostime.h */,
 				9C65D3752CE73FDD24EFADD6 /* ebcdic.h */,
 				E103AC18AF6DB013F993884E /* ec.h */,
 				E1973FCF7F2B126F89E97772 /* ecdh.h */,
@@ -4153,6 +4249,7 @@
 				7DCBCE79BDFA82140C7ACC54 /* fips_names.h */,
 				54FB834C5845EB59B3C8EC61 /* fipskey.h */,
 				E075750220245924BD204ABD /* hmac.h */,
+				CAB86FBBB1E9619FAA04A807 /* hpke.h */,
 				DEB7BB1C124399F26F6BE1ED /* http.h */,
 				94530B677B55CAF48314CBB3 /* httperr.h */,
 				F3170D8EEC00AEA644943944 /* idea.h */,
@@ -4185,6 +4282,7 @@
 				4FEFB12CE07C2DEE8F7F694F /* prov_ssl.h */,
 				27807E7E24663405BA654181 /* proverr.h */,
 				4675CF8ECC85B6869B4EB68E /* provider.h */,
+				FED1B84CF5DE8F5D7218F9C4 /* quic.h */,
 				7DDE849E0609AB233C4602CB /* rand.h */,
 				08DAE1C2FD834DD0D4B923E7 /* randerr.h */,
 				79E0A753F02BCE60C4A1CCC0 /* rc2.h */,
@@ -4209,6 +4307,7 @@
 				74100AEC4C8BE866231CAA67 /* store.h */,
 				FA5B848BF082D822F7A381F4 /* storeerr.h */,
 				70FBC76C643323C392FB1281 /* symhacks.h */,
+				490FA5B3839A23871C3A1BBB /* thread.h */,
 				5EABBAACCB91DA4273BA36A7 /* tls1.h */,
 				D24FC8CECE1B89875EE639E4 /* trace.h */,
 				AEA4B8CAB24E4FF53A7EF6DA /* ts.h */,
@@ -4278,6 +4377,7 @@
 				5A7D21F8E4A442B8E1A58DF5 /* dsaerr.h */,
 				C958A899D9A285565952539E /* dtls1.h */,
 				8FB1659BEE93CB2C40908B37 /* e_os2.h */,
+				BBA9E43D4CB9492C2FCD1F58 /* e_ostime.h */,
 				E55092C85096AA28403DA8AD /* ebcdic.h */,
 				BFC48C3156D05EB8FFFD75A5 /* ec.h */,
 				D3232CED9C0920DA26A23D17 /* ecdh.h */,
@@ -4295,6 +4395,7 @@
 				79C78FA6A023EF4F70FFC4E6 /* fips_names.h */,
 				2933FA1FD7736287082551DD /* fipskey.h */,
 				63A96840153AA59FDA23344B /* hmac.h */,
+				25A3E9B946A8250068D58162 /* hpke.h */,
 				41974C3742BAD1B35191EF90 /* http.h */,
 				67BC8004095D943FC75C64DC /* httperr.h */,
 				7DBA8D8A99F92891A97C019E /* idea.h */,
@@ -4327,6 +4428,7 @@
 				37AED59B2330DC15D79DF030 /* prov_ssl.h */,
 				682F34DC86112349DB4C55F8 /* proverr.h */,
 				498A4E142FBD723C99C7E374 /* provider.h */,
+				C03FEB21CDD64CBC73DBDE8C /* quic.h */,
 				7C4828A9E41FF68C6E417F62 /* rand.h */,
 				DAA2A365F104C103A54E5A85 /* randerr.h */,
 				DFA46FC4F668A2760C39E8F8 /* rc2.h */,
@@ -4351,6 +4453,7 @@
 				E6A20B371D17320FD106DF06 /* store.h */,
 				32F9C65137DDFFE2F5297D5A /* storeerr.h */,
 				DB60F8D340700CFA87C02F80 /* symhacks.h */,
+				8602928B4AAD6EEED2F26768 /* thread.h */,
 				8A1CD03B6AD7865C5F413628 /* tls1.h */,
 				2FCC4FF20EF38B2BB3AD8DA1 /* trace.h */,
 				A25540EA81EEF390359200FB /* ts.h */,
@@ -4429,6 +4532,7 @@
 				E89B7711659C905085A17264 /* dsaerr.h */,
 				94CF8A92FEDB2C5A223E149F /* dtls1.h */,
 				66EAA6487E1073685F51845E /* e_os2.h */,
+				7FA92DB50774F165A25040D5 /* e_ostime.h */,
 				ABAF353C0494098F713BB833 /* ebcdic.h */,
 				42CB6A6C79B52FA24B9EDBBF /* ec.h */,
 				2673850595BF7C7667163D58 /* ecdh.h */,
@@ -4446,6 +4550,7 @@
 				BAB5C005D8B35F273E075D8D /* fips_names.h */,
 				8BF18AD9274EB5B16AB758F2 /* fipskey.h */,
 				4C1E82AD3B970BFE713A9289 /* hmac.h */,
+				383C8A5319576F7AD3BBCD96 /* hpke.h */,
 				F5FAE188B215569E45E397A6 /* http.h */,
 				F74B95BA5805C025A8B29431 /* httperr.h */,
 				A254B368DC4639B5C1A1BC74 /* idea.h */,
@@ -4478,6 +4583,7 @@
 				59959F1B0518BE74B17A8991 /* prov_ssl.h */,
 				91C4C2AD006532C0038EDFEB /* proverr.h */,
 				6507299F0C4A7A3140F18848 /* provider.h */,
+				9F04D6DFF4EE3B6B4B19E7C0 /* quic.h */,
 				44125F89E8709A7FD4032F36 /* rand.h */,
 				7D0B2588E1BBE76C7BB9FEFE /* randerr.h */,
 				5DDAF3916AC8B9CAECD143D4 /* rc2.h */,
@@ -4502,6 +4608,7 @@
 				7BD721C3BB0F0C4DD22FC2D5 /* store.h */,
 				59A81235D7B170C32B3ED3BC /* storeerr.h */,
 				5A5A730F0044794A4D19E911 /* symhacks.h */,
+				264A016BBC3448DA4C4D9E6C /* thread.h */,
 				34DB9DBA053C9D8250AD2089 /* tls1.h */,
 				2BF5B9DF6895973BCCBB1EEF /* trace.h */,
 				EE3BC5E6D4DB9A2073C24884 /* ts.h */,
@@ -4610,7 +4717,6 @@
 			isa = PBXGroup;
 			children = (
 				1745C97FD0AF99C6F619112B /* Info.plist */,
-				DE418C7E56A68380E0665553 /* OpenSSL.h */,
 			);
 			path = iphonesimulator;
 			sourceTree = "<group>";
@@ -4645,7 +4751,6 @@
 			isa = PBXGroup;
 			children = (
 				6AE191249D6342A9A81BC5AB /* Info.plist */,
-				3D1E4EDFFB8A21D8C21AF1AB /* OpenSSL.h */,
 			);
 			path = appletvos;
 			sourceTree = "<group>";
@@ -4701,6 +4806,7 @@
 				5DD93AC4C08A84B2118CEC06 /* dsaerr.h */,
 				A3D1EA851995B2E1829B284A /* dtls1.h */,
 				9FCA1527F253511B5CBDFB9F /* e_os2.h */,
+				16CAAD34F507F87BDEC6F45B /* e_ostime.h */,
 				A2A5D7F08C1A88A19AD65509 /* ebcdic.h */,
 				4C8E65B51A2E061ACB3753CD /* ec.h */,
 				86F89D86863E3B2D97999695 /* ecdh.h */,
@@ -4718,6 +4824,7 @@
 				96C9A65D6731A28B01F854B5 /* fips_names.h */,
 				3AA3F2F85D6B15C3B5A56AB0 /* fipskey.h */,
 				CD38AECF060F30A45B1E2786 /* hmac.h */,
+				0BD49B1916C23C6E74B12885 /* hpke.h */,
 				90D0FBDFDFDA3A01157DBA58 /* http.h */,
 				B7688A1D570C82CF8C3BFDEA /* httperr.h */,
 				B142726F50DE7A9CAA5C9C7C /* idea.h */,
@@ -4750,6 +4857,7 @@
 				E90FBF383140D30F3E34C43A /* prov_ssl.h */,
 				B49976527614CDCA4BAD6065 /* proverr.h */,
 				352DD4DDCDBC160858D00E76 /* provider.h */,
+				6F1A2ED264A8872A7682ADBC /* quic.h */,
 				B7EF09570739585BB574BE83 /* rand.h */,
 				4E4DC0766B3D5D4D7473FF1D /* randerr.h */,
 				3EA1D661B02A1F2DFCDE6D09 /* rc2.h */,
@@ -4774,6 +4882,7 @@
 				1D2280BFC551901E9BC4A62F /* store.h */,
 				AC45AF1498BF6FFB7890A734 /* storeerr.h */,
 				2760499CCCC0FA29B7DD6FB6 /* symhacks.h */,
+				5705B5156AB691810ABB5409 /* thread.h */,
 				9AC2A7EC15A01471C6D7E671 /* tls1.h */,
 				72782266ABD54F36F75DDF25 /* trace.h */,
 				29B40A45A5B516EF683791D8 /* ts.h */,
@@ -4820,7 +4929,6 @@
 			isa = PBXGroup;
 			children = (
 				231F7CED82439F136867809A /* Info.plist */,
-				402F3A62F32C2933D12132DE /* OpenSSL.h */,
 			);
 			path = visionsimulator;
 			sourceTree = "<group>";
@@ -4832,6 +4940,7 @@
 			isa = PBXHeadersBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				6E6D509CF8598A450E8CAEED /* OpenSSL.h in Headers */,
 				9C2A93862AC258E215BDFB16 /* aes.h in Headers */,
 				B9047B205617411129C1C64C /* asn1.h in Headers */,
 				94F2FF308BD7F5047D9B5231 /* asn1err.h in Headers */,
@@ -4880,6 +4989,7 @@
 				4B7CA4C816BB3D224BC99180 /* dsaerr.h in Headers */,
 				56C003F8573242F6902E80D2 /* dtls1.h in Headers */,
 				96BD7EF02BA70560A4E8263B /* e_os2.h in Headers */,
+				CECADA35C9054737F6C2AF10 /* e_ostime.h in Headers */,
 				17838E8464ACFF443E3F9C4E /* ebcdic.h in Headers */,
 				32DBC608AAEAE3517E23A02D /* ec.h in Headers */,
 				F9992D5CE64E36EBFBDA08E1 /* ecdh.h in Headers */,
@@ -4897,6 +5007,7 @@
 				69392CD9ADA41B2599501204 /* fips_names.h in Headers */,
 				5C66785C243819D4CA0F73AD /* fipskey.h in Headers */,
 				9696E2BB4FFBDAD7ECEA16AA /* hmac.h in Headers */,
+				5011E00212B8C9213E15FE27 /* hpke.h in Headers */,
 				54FE4E688BC7C2D5F49656E9 /* http.h in Headers */,
 				BCBA86B2FB6B2753D78A22E2 /* httperr.h in Headers */,
 				0CDD4C6DD58B0C838BADFECA /* idea.h in Headers */,
@@ -4929,6 +5040,7 @@
 				79D37EE246B728A8F473265E /* prov_ssl.h in Headers */,
 				35723C4E38B13220D2050624 /* proverr.h in Headers */,
 				098F75DF8E971FBB1C19854D /* provider.h in Headers */,
+				D6676352F31E358C487847AF /* quic.h in Headers */,
 				8D7388074638AE5241B2220E /* rand.h in Headers */,
 				4A564ED7286ECE8E8E56E7FB /* randerr.h in Headers */,
 				796340B4F8D3DA811E2FA46A /* rc2.h in Headers */,
@@ -4953,6 +5065,7 @@
 				7CE80F613A590164207C0438 /* store.h in Headers */,
 				10E6CC12C1A7E650E70DCBE7 /* storeerr.h in Headers */,
 				EA2B3CE7F4D7AAA7CFDDAD6B /* symhacks.h in Headers */,
+				0B8172CDC0B3BCC66567B4CC /* thread.h in Headers */,
 				6F8A0BDED419D4DFF72C7FD8 /* tls1.h in Headers */,
 				FED6C64BCBD7463B398BB600 /* trace.h in Headers */,
 				420330472CDB1D321B523CFC /* ts.h in Headers */,
@@ -5022,6 +5135,7 @@
 				25023314F77887AB7A015A18 /* dsaerr.h in Headers */,
 				2AC75988A442429BDFF2E9C4 /* dtls1.h in Headers */,
 				54323BA4F85E2F928699F5CD /* e_os2.h in Headers */,
+				3C19D3F2D4B21717BF5AE347 /* e_ostime.h in Headers */,
 				73669C537A6DE0DD95496DA9 /* ebcdic.h in Headers */,
 				1CCC71B6A0C00947CA907E71 /* ec.h in Headers */,
 				E6340D6EA77DA648CB0D983C /* ecdh.h in Headers */,
@@ -5039,6 +5153,7 @@
 				85093F7481C58BC80FE9BAD1 /* fips_names.h in Headers */,
 				FE437E977D687491AB0F90AC /* fipskey.h in Headers */,
 				5082B3D55969A127C2EF798D /* hmac.h in Headers */,
+				05674F77B2BE4EF03AC455F3 /* hpke.h in Headers */,
 				4447EF86C665C2CEEA1EDE68 /* http.h in Headers */,
 				18AA5FE263DF2AD6F0B13C43 /* httperr.h in Headers */,
 				16189B2D1F48C330DB2B652D /* idea.h in Headers */,
@@ -5071,6 +5186,7 @@
 				A6E36372601498BDCB6ED869 /* prov_ssl.h in Headers */,
 				E85AAF53514D040F3A2E3D81 /* proverr.h in Headers */,
 				792E66E0C459D454659F7EEB /* provider.h in Headers */,
+				5F779F4922CBEFBB220E365C /* quic.h in Headers */,
 				63E7DBA72AFE236E6C3C14B7 /* rand.h in Headers */,
 				618B6D3CC4E41334D90A7B29 /* randerr.h in Headers */,
 				1867979361DB105B20E801D1 /* rc2.h in Headers */,
@@ -5095,6 +5211,7 @@
 				1CF7C52762DC39D7349586C6 /* store.h in Headers */,
 				F5DC00508A3BA3C5660696C1 /* storeerr.h in Headers */,
 				3F4ECAD271C45DDB572BD078 /* symhacks.h in Headers */,
+				74883CDFC51B9AE6294F0053 /* thread.h in Headers */,
 				AD93BB74D93DEACA436F5A1C /* tls1.h in Headers */,
 				1D9A264FE2CC6AFD11E2BCEE /* trace.h in Headers */,
 				B641C7531B8E99BFCFE18E8E /* ts.h in Headers */,
@@ -5109,7 +5226,7 @@
 				D9C72B30C62BB6A7D336C818 /* x509err.h in Headers */,
 				EDDD60A64AE459F40CE126CF /* x509v3.h in Headers */,
 				808AA28B91DE3B60E72DC6F1 /* x509v3err.h in Headers */,
-				D08BD5EED1921943C8D5B7FC /* OpenSSL.h in Headers */,
+				A8AF5D43ADBAA976F96DDBF9 /* OpenSSL.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -5165,6 +5282,7 @@
 				CF67C83A1A4D8E047F3AEEC4 /* dsaerr.h in Headers */,
 				D18F914C143A186E95AA720E /* dtls1.h in Headers */,
 				E387F10D538370343AD8641B /* e_os2.h in Headers */,
+				EA7AC30D3D2E4252EC5B2FE8 /* e_ostime.h in Headers */,
 				3AFC5FF878C0FB2704A8ED08 /* ebcdic.h in Headers */,
 				644CFDFF2EF982D8B9BF434C /* ec.h in Headers */,
 				9BD80E1A58E0FA8123740214 /* ecdh.h in Headers */,
@@ -5182,6 +5300,7 @@
 				53963D40A380D69B71D1A247 /* fips_names.h in Headers */,
 				67F33A6947DC618E5234A117 /* fipskey.h in Headers */,
 				81DF8F3C8C9FCE05CA8FB331 /* hmac.h in Headers */,
+				E27A0FD0BCCAFE1D9C731439 /* hpke.h in Headers */,
 				B0C86E07F7748BBA49864ECF /* http.h in Headers */,
 				7AB5D4123A95E71D5E4B6D60 /* httperr.h in Headers */,
 				9B01F2E99C7B082CE5FDCA20 /* idea.h in Headers */,
@@ -5214,6 +5333,7 @@
 				6FD8C38DF6FCE964A086204B /* prov_ssl.h in Headers */,
 				84F795E55EC7BDCD0786077E /* proverr.h in Headers */,
 				E76F7328C262522443414EFA /* provider.h in Headers */,
+				7B2A9380C1EE19E9319E4E2C /* quic.h in Headers */,
 				0FD6B6A55E8810D5BFD4AE55 /* rand.h in Headers */,
 				B270698799AA73DB64B7FAE8 /* randerr.h in Headers */,
 				02DD1BE4FC8713833CE82384 /* rc2.h in Headers */,
@@ -5238,6 +5358,7 @@
 				8053AB297E04FB75669E5A4A /* store.h in Headers */,
 				9554496D7382FE720F567DFA /* storeerr.h in Headers */,
 				A6792AC88DFEB253378B3C6F /* symhacks.h in Headers */,
+				B907568DBB66EEB21DA556F8 /* thread.h in Headers */,
 				2C7BE447F4A0257C018BFE80 /* tls1.h in Headers */,
 				4B188D27D14C9A4FFE5CD753 /* trace.h in Headers */,
 				2739C5077E0F964DB74A240E /* ts.h in Headers */,
@@ -5252,7 +5373,7 @@
 				160D5D8D80669BB44CA8C31B /* x509err.h in Headers */,
 				0ECFB4E61127384A5DD75B0F /* x509v3.h in Headers */,
 				DC5F8DC62156124AF6E7A5DC /* x509v3err.h in Headers */,
-				62010AB9078B60D2D7D8BC4A /* OpenSSL.h in Headers */,
+				3A9C8527B37400F310CB6793 /* OpenSSL.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -5308,6 +5429,7 @@
 				B38203F2517B180731161519 /* dsaerr.h in Headers */,
 				31F11F80B728DAB70410BCFA /* dtls1.h in Headers */,
 				C14909C754896686D4441F88 /* e_os2.h in Headers */,
+				D168954FDBAB82C93C21482A /* e_ostime.h in Headers */,
 				0B53C646CD6ED141BBCD4119 /* ebcdic.h in Headers */,
 				64EFB73A1A3229CE0752B05E /* ec.h in Headers */,
 				EF469CD3AC328F8F1C2D8E8F /* ecdh.h in Headers */,
@@ -5325,6 +5447,7 @@
 				313B13A8084E88830E9AB568 /* fips_names.h in Headers */,
 				41CF09CBE3A7FFB8E54AFD0E /* fipskey.h in Headers */,
 				967324153E14F6AD2D73DF83 /* hmac.h in Headers */,
+				713A16F5DA1583EB9110762B /* hpke.h in Headers */,
 				A6FDFFC9D5F1721B208B897A /* http.h in Headers */,
 				3EAFF60E57DEE30FA27515A1 /* httperr.h in Headers */,
 				6E272068ADA16BF979680244 /* idea.h in Headers */,
@@ -5357,6 +5480,7 @@
 				9963E81CD274B0B979EB856C /* prov_ssl.h in Headers */,
 				EBBBEBC893F916176C83A623 /* proverr.h in Headers */,
 				30D2207BC7A636396652DED8 /* provider.h in Headers */,
+				2B8D988A8C1076568EBBC174 /* quic.h in Headers */,
 				FFC0628275C99167A7A523CE /* rand.h in Headers */,
 				DF1A1185D1A9ADA986FF63AE /* randerr.h in Headers */,
 				04984A2A6D0EE09C468E3C39 /* rc2.h in Headers */,
@@ -5381,6 +5505,7 @@
 				8A933434A2E43C8A334A2F88 /* store.h in Headers */,
 				7CD22884CB9F2A8F020E6374 /* storeerr.h in Headers */,
 				C529CCEB362F858156E01FBA /* symhacks.h in Headers */,
+				D5F8B4F9D0DDBED78C4744FB /* thread.h in Headers */,
 				3E763ED35AE19C1AFD2AE4BE /* tls1.h in Headers */,
 				AE339B3D08E36201425B04DE /* trace.h in Headers */,
 				D97AF19D65AB865B3FF7B582 /* ts.h in Headers */,
@@ -5395,7 +5520,7 @@
 				0F2DFC13410EB1CE989D1588 /* x509err.h in Headers */,
 				4961EAC358631FD70E08A3E8 /* x509v3.h in Headers */,
 				C38EDDCD92F22D87F624C07B /* x509v3err.h in Headers */,
-				254362AC6624D0322CDAD913 /* OpenSSL.h in Headers */,
+				28C7546BE270499688207511 /* OpenSSL.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -5451,6 +5576,7 @@
 				0C2D2938EB88D7F7ED58115C /* dsaerr.h in Headers */,
 				D0076AAE4507D41BCF60EC26 /* dtls1.h in Headers */,
 				621B3ED8B4808D0F90775F6F /* e_os2.h in Headers */,
+				4F666B5A2728905A57668388 /* e_ostime.h in Headers */,
 				9958FDB6CB7A3DD972B26584 /* ebcdic.h in Headers */,
 				BCDDEC31C466A8E70890C0BA /* ec.h in Headers */,
 				07B0C2EAB359EF04855DBFE4 /* ecdh.h in Headers */,
@@ -5468,6 +5594,7 @@
 				CBAA63A6D9090BB353D2A272 /* fips_names.h in Headers */,
 				548F5B689F9F1C5F18A7F61B /* fipskey.h in Headers */,
 				BAE02B867D8015F14237BC65 /* hmac.h in Headers */,
+				F900CECC7DC644E23A6EC62D /* hpke.h in Headers */,
 				118E8FC97A50C8EE4AF7CC20 /* http.h in Headers */,
 				F3EE9B1006FE48F28D2427B0 /* httperr.h in Headers */,
 				9C7F306E3DF4C23A2B4663AD /* idea.h in Headers */,
@@ -5500,6 +5627,7 @@
 				2F9DF38793FE30D5D13869EF /* prov_ssl.h in Headers */,
 				1D1A59A3F556BFB2C2795C74 /* proverr.h in Headers */,
 				32F5F0716DA99E4F1F7FFA3A /* provider.h in Headers */,
+				717196CF2B32E68DF3A439E3 /* quic.h in Headers */,
 				5CFB75F9C4E0D0FEC7C6807F /* rand.h in Headers */,
 				D8BC870A377B0EBEAD717FAF /* randerr.h in Headers */,
 				B38E8B6C343B95804CA94263 /* rc2.h in Headers */,
@@ -5524,6 +5652,7 @@
 				D7F30B54C2850DD7496ABA7B /* store.h in Headers */,
 				BAAA097ABEB047597EA485F6 /* storeerr.h in Headers */,
 				7A5C8BFE4F868B159B514603 /* symhacks.h in Headers */,
+				C5705F9F6975FDBB4DC56C4D /* thread.h in Headers */,
 				1A8382C78B4BDF1889B4B995 /* tls1.h in Headers */,
 				AF1550BD2FAB2C9E135C40F8 /* trace.h in Headers */,
 				C708DB16A61759B33B82F928 /* ts.h in Headers */,
@@ -5538,7 +5667,7 @@
 				43050ABCF7FBC6DE0E524161 /* x509err.h in Headers */,
 				AE853702BE34DCAFBD33A852 /* x509v3.h in Headers */,
 				FA8397DDA92804152C6868A5 /* x509v3err.h in Headers */,
-				2FF4BD34D1890DF65714BCB4 /* OpenSSL.h in Headers */,
+				52D2A796E2866FC16EF346B9 /* OpenSSL.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -5594,6 +5723,7 @@
 				EAF4D3793FF85E64A01E9209 /* dsaerr.h in Headers */,
 				6655FC5F017429F29B1FBA01 /* dtls1.h in Headers */,
 				2A588D7EAECCDCEB7CFFBB7D /* e_os2.h in Headers */,
+				4428F6B0F24B3330E9673D7E /* e_ostime.h in Headers */,
 				7FCD0DA4238D5FB3AA804004 /* ebcdic.h in Headers */,
 				AF3CDDD533D4D06A277DBD5F /* ec.h in Headers */,
 				8222605E7758F6101A8B8407 /* ecdh.h in Headers */,
@@ -5611,6 +5741,7 @@
 				79CB6AB1E910CBCC80CCAD08 /* fips_names.h in Headers */,
 				9095573C7085D51185A9A6EE /* fipskey.h in Headers */,
 				5CD9691D3457572B64181960 /* hmac.h in Headers */,
+				E22833279BC721BEC0B6FE0F /* hpke.h in Headers */,
 				29ED34B127162A0285E622AA /* http.h in Headers */,
 				D127EB7E2752DAA9A1EC95E8 /* httperr.h in Headers */,
 				8A7B14B9D37A06077FD05EFF /* idea.h in Headers */,
@@ -5643,6 +5774,7 @@
 				71FA8C85C1CD8342CE4704F5 /* prov_ssl.h in Headers */,
 				DC7435E139BAF1D9F4760EEC /* proverr.h in Headers */,
 				7B7C9135B2F9ACB907F15020 /* provider.h in Headers */,
+				2F100F8ECF8841CF2D363CE8 /* quic.h in Headers */,
 				C2ABA4CB46D20F2CCEF077E4 /* rand.h in Headers */,
 				B271FFBB5AEBE6BB84C72AB3 /* randerr.h in Headers */,
 				BEE0A76F577DFD573F77D2A3 /* rc2.h in Headers */,
@@ -5667,6 +5799,7 @@
 				EADA68870F4908F15F85B7C2 /* store.h in Headers */,
 				6766450661591C766C6EEC74 /* storeerr.h in Headers */,
 				0600E83DCF7B9BF3683D5410 /* symhacks.h in Headers */,
+				3292C981E768D1164F22CA77 /* thread.h in Headers */,
 				756753D9901A79DF764CA160 /* tls1.h in Headers */,
 				899543B356597BE401C9B02A /* trace.h in Headers */,
 				6045B9009BBDAC714249DED7 /* ts.h in Headers */,
@@ -5681,7 +5814,7 @@
 				E99F2A24A2A865657EF00A51 /* x509err.h in Headers */,
 				7B4B18283A35EC3443C6172C /* x509v3.h in Headers */,
 				DA84C330E1DB9B8545AC929D /* x509v3err.h in Headers */,
-				F7FA060C692405BFEA81FB2E /* OpenSSL.h in Headers */,
+				72CDD4FC2A8760CB81AB6CC6 /* OpenSSL.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -5689,6 +5822,7 @@
 			isa = PBXHeadersBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				619E304A0C79315434D58A68 /* OpenSSL.h in Headers */,
 				38213DF347A038A744C102A0 /* aes.h in Headers */,
 				D982D0320917185A449D171D /* asn1.h in Headers */,
 				7284B68F02FBFA024514ACB4 /* asn1err.h in Headers */,
@@ -5737,6 +5871,7 @@
 				8FD11BBD26EF0F5EE5DF6912 /* dsaerr.h in Headers */,
 				A9BEAA2D46DFF81DB19B1567 /* dtls1.h in Headers */,
 				0282098829DD80E96417B35E /* e_os2.h in Headers */,
+				C4C54D8AB487180E992108E0 /* e_ostime.h in Headers */,
 				891895CA07DD7C6A45E9C421 /* ebcdic.h in Headers */,
 				A2D5D5BF652C4D29CA0E7B65 /* ec.h in Headers */,
 				A22A8F982A44EEB978CF8363 /* ecdh.h in Headers */,
@@ -5754,6 +5889,7 @@
 				D1FC80920C9E938522486AB2 /* fips_names.h in Headers */,
 				F42395D4575F4BCB5865D025 /* fipskey.h in Headers */,
 				0A44059A2FD50EC29C5845D5 /* hmac.h in Headers */,
+				82713F30D24C9CCF0EF69DD2 /* hpke.h in Headers */,
 				4B4E0FE50580A7278EDFE06C /* http.h in Headers */,
 				3D0A5D1187E24D14D7266552 /* httperr.h in Headers */,
 				C29C7AABCD0AECE9B63F27AF /* idea.h in Headers */,
@@ -5786,6 +5922,7 @@
 				E43384E2DF85388D1518C02B /* prov_ssl.h in Headers */,
 				CC06ED21B25279FB65422F8A /* proverr.h in Headers */,
 				733215DF7663A71569E2A0AF /* provider.h in Headers */,
+				13BE84B720FD154B219FBEB3 /* quic.h in Headers */,
 				1F7138153AD52CD499D12108 /* rand.h in Headers */,
 				4167799058FBF12C71FE86C5 /* randerr.h in Headers */,
 				EAAFA899F9DBDD3733A10B43 /* rc2.h in Headers */,
@@ -5810,6 +5947,7 @@
 				D0865D88B7AE537C0077A8E3 /* store.h in Headers */,
 				5050A5C937CDB64181C16065 /* storeerr.h in Headers */,
 				CEEBB9B335D30205C0E4C30F /* symhacks.h in Headers */,
+				76AFB2DD271B88D75E0EC4FF /* thread.h in Headers */,
 				62ECA198C11E71C993E38588 /* tls1.h in Headers */,
 				B147DF6D40C43B6372EEE941 /* trace.h in Headers */,
 				E8A0E6D4BD9D1E9386D238B6 /* ts.h in Headers */,
@@ -5831,7 +5969,7 @@
 			isa = PBXHeadersBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				6422372CA17C3A816D549AE2 /* OpenSSL.h in Headers */,
+				BC348F88A738DBBBD08AE25A /* OpenSSL.h in Headers */,
 				DDBE745EABA084A3CAD14011 /* aes.h in Headers */,
 				1965B198F6AB1B3191ACDA0A /* asn1.h in Headers */,
 				4AB12BB551B5586CA0452741 /* asn1err.h in Headers */,
@@ -5880,6 +6018,7 @@
 				68E7DA8E6CCD0BD2A9A122A9 /* dsaerr.h in Headers */,
 				85736CD42B73B969C5C374DF /* dtls1.h in Headers */,
 				B287FA875B283B5E679415DC /* e_os2.h in Headers */,
+				814856A79FCC7D7870742BE5 /* e_ostime.h in Headers */,
 				C1E90097DF38AA4819A2A34B /* ebcdic.h in Headers */,
 				8CE3599430F02D1497A4D846 /* ec.h in Headers */,
 				06D41602077AF916FDFAC9C8 /* ecdh.h in Headers */,
@@ -5897,6 +6036,7 @@
 				A8E8414CB58E9C5866D65757 /* fips_names.h in Headers */,
 				851FF580BB0D2066314997B9 /* fipskey.h in Headers */,
 				DC469418D05FE1E03C176E0A /* hmac.h in Headers */,
+				5AB5600569D1B69CB1266A47 /* hpke.h in Headers */,
 				0D410F73E1131AADE4F2C652 /* http.h in Headers */,
 				E997474391E11540EE76E98C /* httperr.h in Headers */,
 				BCFF4039324679072378DECE /* idea.h in Headers */,
@@ -5929,6 +6069,7 @@
 				8D73395B9D670EC250769CF4 /* prov_ssl.h in Headers */,
 				9C9321CEF97EE205C3141DF5 /* proverr.h in Headers */,
 				035FF1264E2B134C65F182E1 /* provider.h in Headers */,
+				EF8248BD72729CFB6A08BEB1 /* quic.h in Headers */,
 				52C132DC540F74B52E51ACB4 /* rand.h in Headers */,
 				46DF1092A9F7A95FE8AA5ED8 /* randerr.h in Headers */,
 				6BE7616797607023BD8D6B10 /* rc2.h in Headers */,
@@ -5953,6 +6094,7 @@
 				91A450600A6B0422FEDD181D /* store.h in Headers */,
 				CD4C068D7DD0A6D5B7D3C3C2 /* storeerr.h in Headers */,
 				995E7FA7CFD78DFB916CCA0C /* symhacks.h in Headers */,
+				B3CCC6F8B3FC5B6EA3A5453D /* thread.h in Headers */,
 				622A0B1DC944540CB5A61690 /* tls1.h in Headers */,
 				F8A29CA1B7A196574BDA61B9 /* trace.h in Headers */,
 				E24211A09FBF8981783A5FA7 /* ts.h in Headers */,
@@ -6022,6 +6164,7 @@
 				AD0C5EC7C6CBBE39D5572DE1 /* dsaerr.h in Headers */,
 				E77A11FA7B0E020681C22FCE /* dtls1.h in Headers */,
 				08304B119190F0314CD51C76 /* e_os2.h in Headers */,
+				C47CCDA0A8A1D058AAD565E4 /* e_ostime.h in Headers */,
 				30ADBFCAB6C1D3DA8C1FFAC0 /* ebcdic.h in Headers */,
 				14E6F4EDBC3CBAAAF615BFC2 /* ec.h in Headers */,
 				62D76A757B1A7445B0A68D5D /* ecdh.h in Headers */,
@@ -6039,6 +6182,7 @@
 				444885C87A2AE6EF4BF2DAFA /* fips_names.h in Headers */,
 				C3B9ED65F7A4DB39F1129C51 /* fipskey.h in Headers */,
 				DDA609FFD34B6709D79DC010 /* hmac.h in Headers */,
+				D6F4096B20F5630D63EF0D3A /* hpke.h in Headers */,
 				4D141B578DCE8DB982EE6D45 /* http.h in Headers */,
 				F32C99927DFCB8C9B497BFC8 /* httperr.h in Headers */,
 				568693CBFBD16C4D681E0E06 /* idea.h in Headers */,
@@ -6071,6 +6215,7 @@
 				AC0B806BD68C77FD96B98CD3 /* prov_ssl.h in Headers */,
 				B8454D7F35BA6C12A26C0C30 /* proverr.h in Headers */,
 				717FC2DAFF17A9B8A9DFD183 /* provider.h in Headers */,
+				CC01BFE3C3BAAE7885202703 /* quic.h in Headers */,
 				8530D47A5CE618A61BC5D66C /* rand.h in Headers */,
 				979C6CFE39068F0D286B1F6D /* randerr.h in Headers */,
 				D259DBFE893872FF3D3DF8E9 /* rc2.h in Headers */,
@@ -6095,6 +6240,7 @@
 				A64FB69D1D8AD6A32E58C713 /* store.h in Headers */,
 				0539071C2137168548EDDEE9 /* storeerr.h in Headers */,
 				59F591B351DE50DF9729B622 /* symhacks.h in Headers */,
+				F535CD5F3CA17D3B7AD569C3 /* thread.h in Headers */,
 				7EBFF8B7878DD8D1194F99F5 /* tls1.h in Headers */,
 				11BD4BA974D48F64EF0716DE /* trace.h in Headers */,
 				03F09A708DCE9002DF90170B /* ts.h in Headers */,
@@ -6109,7 +6255,7 @@
 				0B1518B2053C258FE920E88B /* x509err.h in Headers */,
 				040DA8594AD298CAD4A6F9A6 /* x509v3.h in Headers */,
 				C618670486F81904FDE0B5E2 /* x509v3err.h in Headers */,
-				35040057813D5185A5E3DDCE /* OpenSSL.h in Headers */,
+				C3C4E2570722D92B59D49F30 /* OpenSSL.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -6117,7 +6263,7 @@
 			isa = PBXHeadersBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				5552351456658095117D9E0A /* OpenSSL.h in Headers */,
+				17F605C63683B601CA60CBBB /* OpenSSL.h in Headers */,
 				7BA2F3A5CA7993006ADCD4F7 /* aes.h in Headers */,
 				1F201A2693AEB01D1E5E8651 /* asn1.h in Headers */,
 				2FFEC3F5B41C8C5047F1C6FF /* asn1err.h in Headers */,
@@ -6166,6 +6312,7 @@
 				6A7CFA3CEA558909E9B73209 /* dsaerr.h in Headers */,
 				97B1DDA105281B52228D398F /* dtls1.h in Headers */,
 				271885A344F1B210C02E3550 /* e_os2.h in Headers */,
+				E9C500DF4673B8E7B41418F2 /* e_ostime.h in Headers */,
 				01E79AEE88E40097C4947937 /* ebcdic.h in Headers */,
 				645D45BEF8249F79ECDE8039 /* ec.h in Headers */,
 				DB123E204CED729431250E60 /* ecdh.h in Headers */,
@@ -6183,6 +6330,7 @@
 				8E4FE560B858D5055CC5B356 /* fips_names.h in Headers */,
 				DC044E7048E3B47C9E7DB4EE /* fipskey.h in Headers */,
 				C3DA9EAEDDDB8D1346756EB5 /* hmac.h in Headers */,
+				08C61BEC38F5BD57A4B1B11A /* hpke.h in Headers */,
 				B9F563BA7A1B264ED2BBC384 /* http.h in Headers */,
 				0E1BC8824DBAB7869174AB26 /* httperr.h in Headers */,
 				4831A7B9E0091E14F38AA045 /* idea.h in Headers */,
@@ -6215,6 +6363,7 @@
 				7D764EDA67A155CB3DC018FF /* prov_ssl.h in Headers */,
 				6FEE9F13817D97EE92F519B7 /* proverr.h in Headers */,
 				E54DF3292A33952375283D7D /* provider.h in Headers */,
+				ADD2DEAF5A827D0537FAFD7D /* quic.h in Headers */,
 				775A38ADFAEAA587BB1D80C3 /* rand.h in Headers */,
 				8BF142773F4BE0BB2C631F8C /* randerr.h in Headers */,
 				D0C4BAC1FBF443F9E89DEA64 /* rc2.h in Headers */,
@@ -6239,6 +6388,7 @@
 				8B83D29F5788863D151DDA0C /* store.h in Headers */,
 				C5B6B2101C21707A2141FF44 /* storeerr.h in Headers */,
 				9921530AC97C83459BE9F775 /* symhacks.h in Headers */,
+				5E26650A66044B6ACEA71ADC /* thread.h in Headers */,
 				3A5E0AC4515FF84C30DEDEA1 /* tls1.h in Headers */,
 				D545A0A6C8CDD2CD61F598A7 /* trace.h in Headers */,
 				2302945210FEE7AF70322AAF /* ts.h in Headers */,
@@ -6677,7 +6827,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/watchos/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -6732,7 +6882,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/watchsimulator/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -6782,7 +6932,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/visionsimulator/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -6833,7 +6983,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/appletvsimulator/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -6884,7 +7034,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/watchos/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -6936,7 +7086,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/iphoneos/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -6989,7 +7139,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/appletvsimulator/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7047,7 +7197,7 @@
 					"$(SRCROOT)/macosx/lib",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 10.15;
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7153,7 +7303,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/visionos/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7252,7 +7402,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/visionsimulator/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7309,7 +7459,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/macosx_catalyst/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7367,7 +7517,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/macosx_catalyst/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7420,7 +7570,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/iphonesimulator/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7468,7 +7618,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/visionos/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7523,7 +7673,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/appletvos/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7578,7 +7728,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/watchsimulator/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7632,7 +7782,7 @@
 					"$(SRCROOT)/macosx/lib",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 10.15;
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7681,7 +7831,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/iphoneos/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7739,7 +7889,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/iphonesimulator/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
@@ -7796,7 +7946,7 @@
 					"$(inherited)",
 					"$(SRCROOT)/appletvos/lib",
 				);
-				MARKETING_VERSION = 3.1.6000;
+				MARKETING_VERSION = 3.2.2000;
 				OTHER_LDFLAGS = "-Xlinker -all_load";
 				PRODUCT_BUNDLE_IDENTIFIER = com.github.krzyzanowskim.OpenSSL;
 				PRODUCT_NAME = OpenSSL;
diff --git a/Project.swift b/Project.swift
index 9301b03e..2699c692 100644
--- a/Project.swift
+++ b/Project.swift
@@ -1,7 +1,7 @@
 import ProjectDescription
 
 private let developmentTeam: SettingValue = "67RAULRX93"
-private let marketingVersion: String = "3.1.6000"
+private let marketingVersion: String = "3.2.2000"
 
 let project = Project(
     name: "OpenSSL",
@@ -19,7 +19,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("iphoneos/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/iphoneos/OpenSSL.h"])
+                public: .list([.glob("iphoneos/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("iphoneos/lib/libcrypto.a"), publicHeaders: .relativeToRoot("iphoneos/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
@@ -61,7 +61,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("iphonesimulator/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/iphonesimulator/OpenSSL.h"])
+                public: .list([.glob("iphonesimulator/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("iphonesimulator/lib/libcrypto.a"), publicHeaders:  .relativeToRoot("iphonesimulator/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
@@ -103,7 +103,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("macosx/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/macos/OpenSSL.h"])
+                public: .list([.glob("macosx/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("macosx/lib/libcrypto.a"), publicHeaders:  .relativeToRoot("macosx/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
@@ -143,7 +143,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("macosx_catalyst/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/macos_catalyst/OpenSSL.h"])
+                public: .list([.glob("macosx_catalyst/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("macosx_catalyst/lib/libcrypto.a"), publicHeaders:  .relativeToRoot("macosx_catalyst/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
@@ -184,7 +184,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("visionos/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/visionos/OpenSSL.h"])
+                public: .list([.glob("visionos/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("visionos/lib/libcrypto.a"), publicHeaders: .relativeToRoot("visionos/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
@@ -226,7 +226,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("visionsimulator/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/visionsimulator/OpenSSL.h"])
+                public: .list([.glob("visionsimulator/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("visionsimulator/lib/libcrypto.a"), publicHeaders: .relativeToRoot("visionsimulator/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
@@ -268,7 +268,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("appletvos/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/appletvos/OpenSSL.h"])
+                public: .list([.glob("appletvos/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("appletvos/lib/libcrypto.a"), publicHeaders: .relativeToRoot("appletvos/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
@@ -310,7 +310,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("appletvsimulator/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/appletvsimulator/OpenSSL.h"])
+                public: .list([.glob("appletvsimulator/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("appletvsimulator/lib/libcrypto.a"), publicHeaders: .relativeToRoot("appletvsimulator/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
@@ -352,7 +352,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("watchos/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/watchos/OpenSSL.h"])
+                public: .list([.glob("watchos/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("watchos/lib/libcrypto.a"), publicHeaders: .relativeToRoot("watchos/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
@@ -394,7 +394,7 @@ let project = Project(
                 "support/PrivacyInfo.xcprivacy"
             ],
             headers: .headers(
-                public: .list([.glob("watchsimulator/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/watchsimulator/OpenSSL.h"])
+                public: .list([.glob("watchsimulator/include/OpenSSL/*.h", excluding: "**/asn1_mac.h"), "support/OpenSSL.h"])
             ),
             dependencies: [
                 .library(path: .relativeToRoot("watchsimulator/lib/libcrypto.a"), publicHeaders: .relativeToRoot("watchsimulator/include/OpenSSL"), swiftModuleMap: nil, condition: nil),
diff --git a/README.md b/README.md
index 92089fa2..74384528 100644
--- a/README.md
+++ b/README.md
@@ -51,7 +51,7 @@ I advised you to use [OpenSSL-Package](https://github.com/krzyzanowskim/OpenSSL-
 
 ```swift
 dependencies: [
-    .package(url: "https://github.com/krzyzanowskim/OpenSSL-Package.git", from: "3.1.6000")
+    .package(url: "https://github.com/krzyzanowskim/OpenSSL-Package.git", from: "3.2.2000")
 ]
 ```
 
diff --git a/appletvos/include/OpenSSL/asn1.h b/appletvos/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/appletvos/include/OpenSSL/asn1.h
+++ b/appletvos/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/appletvos/include/OpenSSL/async.h b/appletvos/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/appletvos/include/OpenSSL/async.h
+++ b/appletvos/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/appletvos/include/OpenSSL/bio.h b/appletvos/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/appletvos/include/OpenSSL/bio.h
+++ b/appletvos/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/appletvos/include/OpenSSL/bioerr.h b/appletvos/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/appletvos/include/OpenSSL/bioerr.h
+++ b/appletvos/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/appletvos/include/OpenSSL/bn.h b/appletvos/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/appletvos/include/OpenSSL/bn.h
+++ b/appletvos/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/appletvos/include/OpenSSL/cmp.h b/appletvos/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/appletvos/include/OpenSSL/cmp.h
+++ b/appletvos/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/appletvos/include/OpenSSL/cmperr.h b/appletvos/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/appletvos/include/OpenSSL/cmperr.h
+++ b/appletvos/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/appletvos/include/OpenSSL/cms.h b/appletvos/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/appletvos/include/OpenSSL/cms.h
+++ b/appletvos/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/appletvos/include/OpenSSL/cmserr.h b/appletvos/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/appletvos/include/OpenSSL/cmserr.h
+++ b/appletvos/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/appletvos/include/OpenSSL/comp.h b/appletvos/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/appletvos/include/OpenSSL/comp.h
+++ b/appletvos/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/appletvos/include/OpenSSL/comperr.h b/appletvos/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/appletvos/include/OpenSSL/comperr.h
+++ b/appletvos/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/appletvos/include/OpenSSL/conf.h b/appletvos/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/appletvos/include/OpenSSL/conf.h
+++ b/appletvos/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvos/include/OpenSSL/configuration.h b/appletvos/include/OpenSSL/configuration.h
index f38adf2f..e53c0dac 100644
--- a/appletvos/include/OpenSSL/configuration.h
+++ b/appletvos/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_tvOS
 #  define OPENSSL_SYS_tvOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvos/include/OpenSSL/core.h b/appletvos/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/appletvos/include/OpenSSL/core.h
+++ b/appletvos/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/appletvos/include/OpenSSL/core_dispatch.h b/appletvos/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/appletvos/include/OpenSSL/core_dispatch.h
+++ b/appletvos/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/appletvos/include/OpenSSL/core_names.h b/appletvos/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/appletvos/include/OpenSSL/core_names.h
+++ b/appletvos/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/appletvos/include/OpenSSL/crmf.h b/appletvos/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/appletvos/include/OpenSSL/crmf.h
+++ b/appletvos/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/appletvos/include/OpenSSL/crypto.h b/appletvos/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/appletvos/include/OpenSSL/crypto.h
+++ b/appletvos/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvos/include/OpenSSL/ct.h b/appletvos/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/appletvos/include/OpenSSL/ct.h
+++ b/appletvos/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/appletvos/include/OpenSSL/dherr.h b/appletvos/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/appletvos/include/OpenSSL/dherr.h
+++ b/appletvos/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/appletvos/include/OpenSSL/dsa.h b/appletvos/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/appletvos/include/OpenSSL/dsa.h
+++ b/appletvos/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvos/include/OpenSSL/e_os2.h b/appletvos/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/appletvos/include/OpenSSL/e_os2.h
+++ b/appletvos/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/appletvos/include/OpenSSL/e_ostime.h b/appletvos/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/appletvos/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/appletvos/include/OpenSSL/ec.h b/appletvos/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/appletvos/include/OpenSSL/ec.h
+++ b/appletvos/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/appletvos/include/OpenSSL/err.h b/appletvos/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/appletvos/include/OpenSSL/err.h
+++ b/appletvos/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/appletvos/include/OpenSSL/evp.h b/appletvos/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/appletvos/include/OpenSSL/evp.h
+++ b/appletvos/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/appletvos/include/OpenSSL/evperr.h b/appletvos/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/appletvos/include/OpenSSL/evperr.h
+++ b/appletvos/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/appletvos/include/OpenSSL/hpke.h b/appletvos/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/appletvos/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/appletvos/include/OpenSSL/http.h b/appletvos/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/appletvos/include/OpenSSL/http.h
+++ b/appletvos/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvos/include/OpenSSL/lhash.h b/appletvos/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/appletvos/include/OpenSSL/lhash.h
+++ b/appletvos/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvos/include/OpenSSL/macros.h b/appletvos/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/appletvos/include/OpenSSL/macros.h
+++ b/appletvos/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/appletvos/include/OpenSSL/obj_mac.h b/appletvos/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/appletvos/include/OpenSSL/obj_mac.h
+++ b/appletvos/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/appletvos/include/OpenSSL/opensslv.h b/appletvos/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/appletvos/include/OpenSSL/opensslv.h
+++ b/appletvos/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/appletvos/include/OpenSSL/pem.h b/appletvos/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/appletvos/include/OpenSSL/pem.h
+++ b/appletvos/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/appletvos/include/OpenSSL/pkcs12.h b/appletvos/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/appletvos/include/OpenSSL/pkcs12.h
+++ b/appletvos/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/appletvos/include/OpenSSL/pkcs12err.h b/appletvos/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/appletvos/include/OpenSSL/pkcs12err.h
+++ b/appletvos/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/appletvos/include/OpenSSL/pkcs7.h b/appletvos/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/appletvos/include/OpenSSL/pkcs7.h
+++ b/appletvos/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/appletvos/include/OpenSSL/prov_ssl.h b/appletvos/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/appletvos/include/OpenSSL/prov_ssl.h
+++ b/appletvos/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/appletvos/include/OpenSSL/proverr.h b/appletvos/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/appletvos/include/OpenSSL/proverr.h
+++ b/appletvos/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/appletvos/include/OpenSSL/provider.h b/appletvos/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/appletvos/include/OpenSSL/provider.h
+++ b/appletvos/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/appletvos/include/OpenSSL/quic.h b/appletvos/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/appletvos/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/appletvos/include/OpenSSL/rand.h b/appletvos/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/appletvos/include/OpenSSL/rand.h
+++ b/appletvos/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvos/include/OpenSSL/rsa.h b/appletvos/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/appletvos/include/OpenSSL/rsa.h
+++ b/appletvos/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/appletvos/include/OpenSSL/sha.h b/appletvos/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/appletvos/include/OpenSSL/sha.h
+++ b/appletvos/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/appletvos/include/OpenSSL/srtp.h b/appletvos/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/appletvos/include/OpenSSL/srtp.h
+++ b/appletvos/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/appletvos/include/OpenSSL/ssl.h b/appletvos/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/appletvos/include/OpenSSL/ssl.h
+++ b/appletvos/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvos/include/OpenSSL/ssl3.h b/appletvos/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/appletvos/include/OpenSSL/ssl3.h
+++ b/appletvos/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/appletvos/include/OpenSSL/sslerr.h b/appletvos/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/appletvos/include/OpenSSL/sslerr.h
+++ b/appletvos/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/appletvos/include/OpenSSL/store.h b/appletvos/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/appletvos/include/OpenSSL/store.h
+++ b/appletvos/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/appletvos/include/OpenSSL/thread.h b/appletvos/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/appletvos/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/appletvos/include/OpenSSL/tls1.h b/appletvos/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/appletvos/include/OpenSSL/tls1.h
+++ b/appletvos/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/appletvos/include/OpenSSL/trace.h b/appletvos/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/appletvos/include/OpenSSL/trace.h
+++ b/appletvos/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvos/include/OpenSSL/ts.h b/appletvos/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/appletvos/include/OpenSSL/ts.h
+++ b/appletvos/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvos/include/OpenSSL/types.h b/appletvos/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/appletvos/include/OpenSSL/types.h
+++ b/appletvos/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvos/include/OpenSSL/x509.h b/appletvos/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/appletvos/include/OpenSSL/x509.h
+++ b/appletvos/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/appletvos/include/OpenSSL/x509_vfy.h b/appletvos/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/appletvos/include/OpenSSL/x509_vfy.h
+++ b/appletvos/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/appletvos/include/OpenSSL/x509err.h b/appletvos/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/appletvos/include/OpenSSL/x509err.h
+++ b/appletvos/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvos/include/OpenSSL/x509v3.h b/appletvos/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/appletvos/include/OpenSSL/x509v3.h
+++ b/appletvos/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/appletvos/include/OpenSSL/x509v3err.h b/appletvos/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/appletvos/include/OpenSSL/x509v3err.h
+++ b/appletvos/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/appletvos/lib/libcrypto.a b/appletvos/lib/libcrypto.a
index 62f051d5..7036453f 100644
Binary files a/appletvos/lib/libcrypto.a and b/appletvos/lib/libcrypto.a differ
diff --git a/appletvos/lib/libssl.a b/appletvos/lib/libssl.a
index 0f255711..41575820 100644
Binary files a/appletvos/lib/libssl.a and b/appletvos/lib/libssl.a differ
diff --git a/appletvsimulator/include/OpenSSL/asn1.h b/appletvsimulator/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/appletvsimulator/include/OpenSSL/asn1.h
+++ b/appletvsimulator/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/appletvsimulator/include/OpenSSL/async.h b/appletvsimulator/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/appletvsimulator/include/OpenSSL/async.h
+++ b/appletvsimulator/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/appletvsimulator/include/OpenSSL/bio.h b/appletvsimulator/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/appletvsimulator/include/OpenSSL/bio.h
+++ b/appletvsimulator/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/appletvsimulator/include/OpenSSL/bioerr.h b/appletvsimulator/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/appletvsimulator/include/OpenSSL/bioerr.h
+++ b/appletvsimulator/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/appletvsimulator/include/OpenSSL/bn.h b/appletvsimulator/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/appletvsimulator/include/OpenSSL/bn.h
+++ b/appletvsimulator/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/appletvsimulator/include/OpenSSL/cmp.h b/appletvsimulator/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/appletvsimulator/include/OpenSSL/cmp.h
+++ b/appletvsimulator/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/appletvsimulator/include/OpenSSL/cmperr.h b/appletvsimulator/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/appletvsimulator/include/OpenSSL/cmperr.h
+++ b/appletvsimulator/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/appletvsimulator/include/OpenSSL/cms.h b/appletvsimulator/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/appletvsimulator/include/OpenSSL/cms.h
+++ b/appletvsimulator/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/appletvsimulator/include/OpenSSL/cmserr.h b/appletvsimulator/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/appletvsimulator/include/OpenSSL/cmserr.h
+++ b/appletvsimulator/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/appletvsimulator/include/OpenSSL/comp.h b/appletvsimulator/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/appletvsimulator/include/OpenSSL/comp.h
+++ b/appletvsimulator/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/appletvsimulator/include/OpenSSL/comperr.h b/appletvsimulator/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/appletvsimulator/include/OpenSSL/comperr.h
+++ b/appletvsimulator/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/appletvsimulator/include/OpenSSL/conf.h b/appletvsimulator/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/appletvsimulator/include/OpenSSL/conf.h
+++ b/appletvsimulator/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvsimulator/include/OpenSSL/configuration.h b/appletvsimulator/include/OpenSSL/configuration.h
index f38adf2f..e53c0dac 100644
--- a/appletvsimulator/include/OpenSSL/configuration.h
+++ b/appletvsimulator/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_tvOS
 #  define OPENSSL_SYS_tvOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvsimulator/include/OpenSSL/core.h b/appletvsimulator/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/appletvsimulator/include/OpenSSL/core.h
+++ b/appletvsimulator/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/appletvsimulator/include/OpenSSL/core_dispatch.h b/appletvsimulator/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/appletvsimulator/include/OpenSSL/core_dispatch.h
+++ b/appletvsimulator/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/appletvsimulator/include/OpenSSL/core_names.h b/appletvsimulator/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/appletvsimulator/include/OpenSSL/core_names.h
+++ b/appletvsimulator/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/appletvsimulator/include/OpenSSL/crmf.h b/appletvsimulator/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/appletvsimulator/include/OpenSSL/crmf.h
+++ b/appletvsimulator/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/appletvsimulator/include/OpenSSL/crypto.h b/appletvsimulator/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/appletvsimulator/include/OpenSSL/crypto.h
+++ b/appletvsimulator/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvsimulator/include/OpenSSL/ct.h b/appletvsimulator/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/appletvsimulator/include/OpenSSL/ct.h
+++ b/appletvsimulator/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/appletvsimulator/include/OpenSSL/dherr.h b/appletvsimulator/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/appletvsimulator/include/OpenSSL/dherr.h
+++ b/appletvsimulator/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/appletvsimulator/include/OpenSSL/dsa.h b/appletvsimulator/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/appletvsimulator/include/OpenSSL/dsa.h
+++ b/appletvsimulator/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvsimulator/include/OpenSSL/e_os2.h b/appletvsimulator/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/appletvsimulator/include/OpenSSL/e_os2.h
+++ b/appletvsimulator/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/appletvsimulator/include/OpenSSL/e_ostime.h b/appletvsimulator/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/appletvsimulator/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/appletvsimulator/include/OpenSSL/ec.h b/appletvsimulator/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/appletvsimulator/include/OpenSSL/ec.h
+++ b/appletvsimulator/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/appletvsimulator/include/OpenSSL/err.h b/appletvsimulator/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/appletvsimulator/include/OpenSSL/err.h
+++ b/appletvsimulator/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/appletvsimulator/include/OpenSSL/evp.h b/appletvsimulator/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/appletvsimulator/include/OpenSSL/evp.h
+++ b/appletvsimulator/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/appletvsimulator/include/OpenSSL/evperr.h b/appletvsimulator/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/appletvsimulator/include/OpenSSL/evperr.h
+++ b/appletvsimulator/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/appletvsimulator/include/OpenSSL/hpke.h b/appletvsimulator/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/appletvsimulator/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/appletvsimulator/include/OpenSSL/http.h b/appletvsimulator/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/appletvsimulator/include/OpenSSL/http.h
+++ b/appletvsimulator/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvsimulator/include/OpenSSL/lhash.h b/appletvsimulator/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/appletvsimulator/include/OpenSSL/lhash.h
+++ b/appletvsimulator/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvsimulator/include/OpenSSL/macros.h b/appletvsimulator/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/appletvsimulator/include/OpenSSL/macros.h
+++ b/appletvsimulator/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/appletvsimulator/include/OpenSSL/obj_mac.h b/appletvsimulator/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/appletvsimulator/include/OpenSSL/obj_mac.h
+++ b/appletvsimulator/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/appletvsimulator/include/OpenSSL/opensslv.h b/appletvsimulator/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/appletvsimulator/include/OpenSSL/opensslv.h
+++ b/appletvsimulator/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/appletvsimulator/include/OpenSSL/pem.h b/appletvsimulator/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/appletvsimulator/include/OpenSSL/pem.h
+++ b/appletvsimulator/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/appletvsimulator/include/OpenSSL/pkcs12.h b/appletvsimulator/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/appletvsimulator/include/OpenSSL/pkcs12.h
+++ b/appletvsimulator/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/appletvsimulator/include/OpenSSL/pkcs12err.h b/appletvsimulator/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/appletvsimulator/include/OpenSSL/pkcs12err.h
+++ b/appletvsimulator/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/appletvsimulator/include/OpenSSL/pkcs7.h b/appletvsimulator/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/appletvsimulator/include/OpenSSL/pkcs7.h
+++ b/appletvsimulator/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/appletvsimulator/include/OpenSSL/prov_ssl.h b/appletvsimulator/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/appletvsimulator/include/OpenSSL/prov_ssl.h
+++ b/appletvsimulator/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/appletvsimulator/include/OpenSSL/proverr.h b/appletvsimulator/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/appletvsimulator/include/OpenSSL/proverr.h
+++ b/appletvsimulator/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/appletvsimulator/include/OpenSSL/provider.h b/appletvsimulator/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/appletvsimulator/include/OpenSSL/provider.h
+++ b/appletvsimulator/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/appletvsimulator/include/OpenSSL/quic.h b/appletvsimulator/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/appletvsimulator/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/appletvsimulator/include/OpenSSL/rand.h b/appletvsimulator/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/appletvsimulator/include/OpenSSL/rand.h
+++ b/appletvsimulator/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvsimulator/include/OpenSSL/rsa.h b/appletvsimulator/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/appletvsimulator/include/OpenSSL/rsa.h
+++ b/appletvsimulator/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/appletvsimulator/include/OpenSSL/sha.h b/appletvsimulator/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/appletvsimulator/include/OpenSSL/sha.h
+++ b/appletvsimulator/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/appletvsimulator/include/OpenSSL/srtp.h b/appletvsimulator/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/appletvsimulator/include/OpenSSL/srtp.h
+++ b/appletvsimulator/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/appletvsimulator/include/OpenSSL/ssl.h b/appletvsimulator/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/appletvsimulator/include/OpenSSL/ssl.h
+++ b/appletvsimulator/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvsimulator/include/OpenSSL/ssl3.h b/appletvsimulator/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/appletvsimulator/include/OpenSSL/ssl3.h
+++ b/appletvsimulator/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/appletvsimulator/include/OpenSSL/sslerr.h b/appletvsimulator/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/appletvsimulator/include/OpenSSL/sslerr.h
+++ b/appletvsimulator/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/appletvsimulator/include/OpenSSL/store.h b/appletvsimulator/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/appletvsimulator/include/OpenSSL/store.h
+++ b/appletvsimulator/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/appletvsimulator/include/OpenSSL/thread.h b/appletvsimulator/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/appletvsimulator/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/appletvsimulator/include/OpenSSL/tls1.h b/appletvsimulator/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/appletvsimulator/include/OpenSSL/tls1.h
+++ b/appletvsimulator/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/appletvsimulator/include/OpenSSL/trace.h b/appletvsimulator/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/appletvsimulator/include/OpenSSL/trace.h
+++ b/appletvsimulator/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/appletvsimulator/include/OpenSSL/ts.h b/appletvsimulator/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/appletvsimulator/include/OpenSSL/ts.h
+++ b/appletvsimulator/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvsimulator/include/OpenSSL/types.h b/appletvsimulator/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/appletvsimulator/include/OpenSSL/types.h
+++ b/appletvsimulator/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvsimulator/include/OpenSSL/x509.h b/appletvsimulator/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/appletvsimulator/include/OpenSSL/x509.h
+++ b/appletvsimulator/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/appletvsimulator/include/OpenSSL/x509_vfy.h b/appletvsimulator/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/appletvsimulator/include/OpenSSL/x509_vfy.h
+++ b/appletvsimulator/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/appletvsimulator/include/OpenSSL/x509err.h b/appletvsimulator/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/appletvsimulator/include/OpenSSL/x509err.h
+++ b/appletvsimulator/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/appletvsimulator/include/OpenSSL/x509v3.h b/appletvsimulator/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/appletvsimulator/include/OpenSSL/x509v3.h
+++ b/appletvsimulator/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/appletvsimulator/include/OpenSSL/x509v3err.h b/appletvsimulator/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/appletvsimulator/include/OpenSSL/x509v3err.h
+++ b/appletvsimulator/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/appletvsimulator/lib/libcrypto.a b/appletvsimulator/lib/libcrypto.a
index bf5afd22..f761c125 100644
Binary files a/appletvsimulator/lib/libcrypto.a and b/appletvsimulator/lib/libcrypto.a differ
diff --git a/appletvsimulator/lib/libssl.a b/appletvsimulator/lib/libssl.a
index b81c6758..d185656a 100644
Binary files a/appletvsimulator/lib/libssl.a and b/appletvsimulator/lib/libssl.a differ
diff --git a/iphoneos/include/OpenSSL/asn1.h b/iphoneos/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/iphoneos/include/OpenSSL/asn1.h
+++ b/iphoneos/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/iphoneos/include/OpenSSL/async.h b/iphoneos/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/iphoneos/include/OpenSSL/async.h
+++ b/iphoneos/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/iphoneos/include/OpenSSL/bio.h b/iphoneos/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/iphoneos/include/OpenSSL/bio.h
+++ b/iphoneos/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/iphoneos/include/OpenSSL/bioerr.h b/iphoneos/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/iphoneos/include/OpenSSL/bioerr.h
+++ b/iphoneos/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/iphoneos/include/OpenSSL/bn.h b/iphoneos/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/iphoneos/include/OpenSSL/bn.h
+++ b/iphoneos/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/iphoneos/include/OpenSSL/cmp.h b/iphoneos/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/iphoneos/include/OpenSSL/cmp.h
+++ b/iphoneos/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/iphoneos/include/OpenSSL/cmperr.h b/iphoneos/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/iphoneos/include/OpenSSL/cmperr.h
+++ b/iphoneos/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/iphoneos/include/OpenSSL/cms.h b/iphoneos/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/iphoneos/include/OpenSSL/cms.h
+++ b/iphoneos/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/iphoneos/include/OpenSSL/cmserr.h b/iphoneos/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/iphoneos/include/OpenSSL/cmserr.h
+++ b/iphoneos/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/iphoneos/include/OpenSSL/comp.h b/iphoneos/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/iphoneos/include/OpenSSL/comp.h
+++ b/iphoneos/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/iphoneos/include/OpenSSL/comperr.h b/iphoneos/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/iphoneos/include/OpenSSL/comperr.h
+++ b/iphoneos/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/iphoneos/include/OpenSSL/conf.h b/iphoneos/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/iphoneos/include/OpenSSL/conf.h
+++ b/iphoneos/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphoneos/include/OpenSSL/configuration.h b/iphoneos/include/OpenSSL/configuration.h
index 960c84c5..09071376 100644
--- a/iphoneos/include/OpenSSL/configuration.h
+++ b/iphoneos/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_iOS
 #  define OPENSSL_SYS_iOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphoneos/include/OpenSSL/core.h b/iphoneos/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/iphoneos/include/OpenSSL/core.h
+++ b/iphoneos/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/iphoneos/include/OpenSSL/core_dispatch.h b/iphoneos/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/iphoneos/include/OpenSSL/core_dispatch.h
+++ b/iphoneos/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/iphoneos/include/OpenSSL/core_names.h b/iphoneos/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/iphoneos/include/OpenSSL/core_names.h
+++ b/iphoneos/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/iphoneos/include/OpenSSL/crmf.h b/iphoneos/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/iphoneos/include/OpenSSL/crmf.h
+++ b/iphoneos/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/iphoneos/include/OpenSSL/crypto.h b/iphoneos/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/iphoneos/include/OpenSSL/crypto.h
+++ b/iphoneos/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphoneos/include/OpenSSL/ct.h b/iphoneos/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/iphoneos/include/OpenSSL/ct.h
+++ b/iphoneos/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/iphoneos/include/OpenSSL/dherr.h b/iphoneos/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/iphoneos/include/OpenSSL/dherr.h
+++ b/iphoneos/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/iphoneos/include/OpenSSL/dsa.h b/iphoneos/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/iphoneos/include/OpenSSL/dsa.h
+++ b/iphoneos/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphoneos/include/OpenSSL/e_os2.h b/iphoneos/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/iphoneos/include/OpenSSL/e_os2.h
+++ b/iphoneos/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/iphoneos/include/OpenSSL/e_ostime.h b/iphoneos/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/iphoneos/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/iphoneos/include/OpenSSL/ec.h b/iphoneos/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/iphoneos/include/OpenSSL/ec.h
+++ b/iphoneos/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/iphoneos/include/OpenSSL/err.h b/iphoneos/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/iphoneos/include/OpenSSL/err.h
+++ b/iphoneos/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/iphoneos/include/OpenSSL/evp.h b/iphoneos/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/iphoneos/include/OpenSSL/evp.h
+++ b/iphoneos/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/iphoneos/include/OpenSSL/evperr.h b/iphoneos/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/iphoneos/include/OpenSSL/evperr.h
+++ b/iphoneos/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/iphoneos/include/OpenSSL/hpke.h b/iphoneos/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/iphoneos/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/iphoneos/include/OpenSSL/http.h b/iphoneos/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/iphoneos/include/OpenSSL/http.h
+++ b/iphoneos/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphoneos/include/OpenSSL/lhash.h b/iphoneos/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/iphoneos/include/OpenSSL/lhash.h
+++ b/iphoneos/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphoneos/include/OpenSSL/macros.h b/iphoneos/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/iphoneos/include/OpenSSL/macros.h
+++ b/iphoneos/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/iphoneos/include/OpenSSL/obj_mac.h b/iphoneos/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/iphoneos/include/OpenSSL/obj_mac.h
+++ b/iphoneos/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/iphoneos/include/OpenSSL/opensslv.h b/iphoneos/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/iphoneos/include/OpenSSL/opensslv.h
+++ b/iphoneos/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/iphoneos/include/OpenSSL/pem.h b/iphoneos/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/iphoneos/include/OpenSSL/pem.h
+++ b/iphoneos/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/iphoneos/include/OpenSSL/pkcs12.h b/iphoneos/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/iphoneos/include/OpenSSL/pkcs12.h
+++ b/iphoneos/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/iphoneos/include/OpenSSL/pkcs12err.h b/iphoneos/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/iphoneos/include/OpenSSL/pkcs12err.h
+++ b/iphoneos/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/iphoneos/include/OpenSSL/pkcs7.h b/iphoneos/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/iphoneos/include/OpenSSL/pkcs7.h
+++ b/iphoneos/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/iphoneos/include/OpenSSL/prov_ssl.h b/iphoneos/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/iphoneos/include/OpenSSL/prov_ssl.h
+++ b/iphoneos/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/iphoneos/include/OpenSSL/proverr.h b/iphoneos/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/iphoneos/include/OpenSSL/proverr.h
+++ b/iphoneos/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/iphoneos/include/OpenSSL/provider.h b/iphoneos/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/iphoneos/include/OpenSSL/provider.h
+++ b/iphoneos/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/iphoneos/include/OpenSSL/quic.h b/iphoneos/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/iphoneos/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/iphoneos/include/OpenSSL/rand.h b/iphoneos/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/iphoneos/include/OpenSSL/rand.h
+++ b/iphoneos/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphoneos/include/OpenSSL/rsa.h b/iphoneos/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/iphoneos/include/OpenSSL/rsa.h
+++ b/iphoneos/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/iphoneos/include/OpenSSL/sha.h b/iphoneos/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/iphoneos/include/OpenSSL/sha.h
+++ b/iphoneos/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/iphoneos/include/OpenSSL/srtp.h b/iphoneos/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/iphoneos/include/OpenSSL/srtp.h
+++ b/iphoneos/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/iphoneos/include/OpenSSL/ssl.h b/iphoneos/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/iphoneos/include/OpenSSL/ssl.h
+++ b/iphoneos/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphoneos/include/OpenSSL/ssl3.h b/iphoneos/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/iphoneos/include/OpenSSL/ssl3.h
+++ b/iphoneos/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/iphoneos/include/OpenSSL/sslerr.h b/iphoneos/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/iphoneos/include/OpenSSL/sslerr.h
+++ b/iphoneos/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/iphoneos/include/OpenSSL/store.h b/iphoneos/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/iphoneos/include/OpenSSL/store.h
+++ b/iphoneos/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/iphoneos/include/OpenSSL/thread.h b/iphoneos/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/iphoneos/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/iphoneos/include/OpenSSL/tls1.h b/iphoneos/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/iphoneos/include/OpenSSL/tls1.h
+++ b/iphoneos/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/iphoneos/include/OpenSSL/trace.h b/iphoneos/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/iphoneos/include/OpenSSL/trace.h
+++ b/iphoneos/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphoneos/include/OpenSSL/ts.h b/iphoneos/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/iphoneos/include/OpenSSL/ts.h
+++ b/iphoneos/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphoneos/include/OpenSSL/types.h b/iphoneos/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/iphoneos/include/OpenSSL/types.h
+++ b/iphoneos/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphoneos/include/OpenSSL/x509.h b/iphoneos/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/iphoneos/include/OpenSSL/x509.h
+++ b/iphoneos/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/iphoneos/include/OpenSSL/x509_vfy.h b/iphoneos/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/iphoneos/include/OpenSSL/x509_vfy.h
+++ b/iphoneos/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/iphoneos/include/OpenSSL/x509err.h b/iphoneos/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/iphoneos/include/OpenSSL/x509err.h
+++ b/iphoneos/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphoneos/include/OpenSSL/x509v3.h b/iphoneos/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/iphoneos/include/OpenSSL/x509v3.h
+++ b/iphoneos/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/iphoneos/include/OpenSSL/x509v3err.h b/iphoneos/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/iphoneos/include/OpenSSL/x509v3err.h
+++ b/iphoneos/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/iphoneos/lib/libcrypto.a b/iphoneos/lib/libcrypto.a
index f9c836a8..047111a8 100644
Binary files a/iphoneos/lib/libcrypto.a and b/iphoneos/lib/libcrypto.a differ
diff --git a/iphoneos/lib/libssl.a b/iphoneos/lib/libssl.a
index 71d6c9a1..8a253441 100644
Binary files a/iphoneos/lib/libssl.a and b/iphoneos/lib/libssl.a differ
diff --git a/iphonesimulator/include/OpenSSL/asn1.h b/iphonesimulator/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/iphonesimulator/include/OpenSSL/asn1.h
+++ b/iphonesimulator/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/iphonesimulator/include/OpenSSL/async.h b/iphonesimulator/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/iphonesimulator/include/OpenSSL/async.h
+++ b/iphonesimulator/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/iphonesimulator/include/OpenSSL/bio.h b/iphonesimulator/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/iphonesimulator/include/OpenSSL/bio.h
+++ b/iphonesimulator/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/iphonesimulator/include/OpenSSL/bioerr.h b/iphonesimulator/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/iphonesimulator/include/OpenSSL/bioerr.h
+++ b/iphonesimulator/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/iphonesimulator/include/OpenSSL/bn.h b/iphonesimulator/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/iphonesimulator/include/OpenSSL/bn.h
+++ b/iphonesimulator/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/iphonesimulator/include/OpenSSL/cmp.h b/iphonesimulator/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/iphonesimulator/include/OpenSSL/cmp.h
+++ b/iphonesimulator/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/iphonesimulator/include/OpenSSL/cmperr.h b/iphonesimulator/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/iphonesimulator/include/OpenSSL/cmperr.h
+++ b/iphonesimulator/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/iphonesimulator/include/OpenSSL/cms.h b/iphonesimulator/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/iphonesimulator/include/OpenSSL/cms.h
+++ b/iphonesimulator/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/iphonesimulator/include/OpenSSL/cmserr.h b/iphonesimulator/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/iphonesimulator/include/OpenSSL/cmserr.h
+++ b/iphonesimulator/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/iphonesimulator/include/OpenSSL/comp.h b/iphonesimulator/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/iphonesimulator/include/OpenSSL/comp.h
+++ b/iphonesimulator/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/iphonesimulator/include/OpenSSL/comperr.h b/iphonesimulator/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/iphonesimulator/include/OpenSSL/comperr.h
+++ b/iphonesimulator/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/iphonesimulator/include/OpenSSL/conf.h b/iphonesimulator/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/iphonesimulator/include/OpenSSL/conf.h
+++ b/iphonesimulator/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphonesimulator/include/OpenSSL/configuration.h b/iphonesimulator/include/OpenSSL/configuration.h
index 960c84c5..09071376 100644
--- a/iphonesimulator/include/OpenSSL/configuration.h
+++ b/iphonesimulator/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_iOS
 #  define OPENSSL_SYS_iOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphonesimulator/include/OpenSSL/core.h b/iphonesimulator/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/iphonesimulator/include/OpenSSL/core.h
+++ b/iphonesimulator/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/iphonesimulator/include/OpenSSL/core_dispatch.h b/iphonesimulator/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/iphonesimulator/include/OpenSSL/core_dispatch.h
+++ b/iphonesimulator/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/iphonesimulator/include/OpenSSL/core_names.h b/iphonesimulator/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/iphonesimulator/include/OpenSSL/core_names.h
+++ b/iphonesimulator/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/iphonesimulator/include/OpenSSL/crmf.h b/iphonesimulator/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/iphonesimulator/include/OpenSSL/crmf.h
+++ b/iphonesimulator/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/iphonesimulator/include/OpenSSL/crypto.h b/iphonesimulator/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/iphonesimulator/include/OpenSSL/crypto.h
+++ b/iphonesimulator/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphonesimulator/include/OpenSSL/ct.h b/iphonesimulator/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/iphonesimulator/include/OpenSSL/ct.h
+++ b/iphonesimulator/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/iphonesimulator/include/OpenSSL/dherr.h b/iphonesimulator/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/iphonesimulator/include/OpenSSL/dherr.h
+++ b/iphonesimulator/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/iphonesimulator/include/OpenSSL/dsa.h b/iphonesimulator/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/iphonesimulator/include/OpenSSL/dsa.h
+++ b/iphonesimulator/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphonesimulator/include/OpenSSL/e_os2.h b/iphonesimulator/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/iphonesimulator/include/OpenSSL/e_os2.h
+++ b/iphonesimulator/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/iphonesimulator/include/OpenSSL/e_ostime.h b/iphonesimulator/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/iphonesimulator/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/iphonesimulator/include/OpenSSL/ec.h b/iphonesimulator/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/iphonesimulator/include/OpenSSL/ec.h
+++ b/iphonesimulator/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/iphonesimulator/include/OpenSSL/err.h b/iphonesimulator/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/iphonesimulator/include/OpenSSL/err.h
+++ b/iphonesimulator/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/iphonesimulator/include/OpenSSL/evp.h b/iphonesimulator/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/iphonesimulator/include/OpenSSL/evp.h
+++ b/iphonesimulator/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/iphonesimulator/include/OpenSSL/evperr.h b/iphonesimulator/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/iphonesimulator/include/OpenSSL/evperr.h
+++ b/iphonesimulator/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/iphonesimulator/include/OpenSSL/hpke.h b/iphonesimulator/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/iphonesimulator/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/iphonesimulator/include/OpenSSL/http.h b/iphonesimulator/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/iphonesimulator/include/OpenSSL/http.h
+++ b/iphonesimulator/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphonesimulator/include/OpenSSL/lhash.h b/iphonesimulator/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/iphonesimulator/include/OpenSSL/lhash.h
+++ b/iphonesimulator/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphonesimulator/include/OpenSSL/macros.h b/iphonesimulator/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/iphonesimulator/include/OpenSSL/macros.h
+++ b/iphonesimulator/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/iphonesimulator/include/OpenSSL/obj_mac.h b/iphonesimulator/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/iphonesimulator/include/OpenSSL/obj_mac.h
+++ b/iphonesimulator/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/iphonesimulator/include/OpenSSL/opensslv.h b/iphonesimulator/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/iphonesimulator/include/OpenSSL/opensslv.h
+++ b/iphonesimulator/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/iphonesimulator/include/OpenSSL/pem.h b/iphonesimulator/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/iphonesimulator/include/OpenSSL/pem.h
+++ b/iphonesimulator/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/iphonesimulator/include/OpenSSL/pkcs12.h b/iphonesimulator/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/iphonesimulator/include/OpenSSL/pkcs12.h
+++ b/iphonesimulator/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/iphonesimulator/include/OpenSSL/pkcs12err.h b/iphonesimulator/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/iphonesimulator/include/OpenSSL/pkcs12err.h
+++ b/iphonesimulator/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/iphonesimulator/include/OpenSSL/pkcs7.h b/iphonesimulator/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/iphonesimulator/include/OpenSSL/pkcs7.h
+++ b/iphonesimulator/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/iphonesimulator/include/OpenSSL/prov_ssl.h b/iphonesimulator/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/iphonesimulator/include/OpenSSL/prov_ssl.h
+++ b/iphonesimulator/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/iphonesimulator/include/OpenSSL/proverr.h b/iphonesimulator/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/iphonesimulator/include/OpenSSL/proverr.h
+++ b/iphonesimulator/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/iphonesimulator/include/OpenSSL/provider.h b/iphonesimulator/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/iphonesimulator/include/OpenSSL/provider.h
+++ b/iphonesimulator/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/iphonesimulator/include/OpenSSL/quic.h b/iphonesimulator/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/iphonesimulator/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/iphonesimulator/include/OpenSSL/rand.h b/iphonesimulator/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/iphonesimulator/include/OpenSSL/rand.h
+++ b/iphonesimulator/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphonesimulator/include/OpenSSL/rsa.h b/iphonesimulator/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/iphonesimulator/include/OpenSSL/rsa.h
+++ b/iphonesimulator/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/iphonesimulator/include/OpenSSL/sha.h b/iphonesimulator/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/iphonesimulator/include/OpenSSL/sha.h
+++ b/iphonesimulator/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/iphonesimulator/include/OpenSSL/srtp.h b/iphonesimulator/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/iphonesimulator/include/OpenSSL/srtp.h
+++ b/iphonesimulator/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/iphonesimulator/include/OpenSSL/ssl.h b/iphonesimulator/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/iphonesimulator/include/OpenSSL/ssl.h
+++ b/iphonesimulator/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphonesimulator/include/OpenSSL/ssl3.h b/iphonesimulator/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/iphonesimulator/include/OpenSSL/ssl3.h
+++ b/iphonesimulator/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/iphonesimulator/include/OpenSSL/sslerr.h b/iphonesimulator/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/iphonesimulator/include/OpenSSL/sslerr.h
+++ b/iphonesimulator/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/iphonesimulator/include/OpenSSL/store.h b/iphonesimulator/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/iphonesimulator/include/OpenSSL/store.h
+++ b/iphonesimulator/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/iphonesimulator/include/OpenSSL/thread.h b/iphonesimulator/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/iphonesimulator/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/iphonesimulator/include/OpenSSL/tls1.h b/iphonesimulator/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/iphonesimulator/include/OpenSSL/tls1.h
+++ b/iphonesimulator/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/iphonesimulator/include/OpenSSL/trace.h b/iphonesimulator/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/iphonesimulator/include/OpenSSL/trace.h
+++ b/iphonesimulator/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/iphonesimulator/include/OpenSSL/ts.h b/iphonesimulator/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/iphonesimulator/include/OpenSSL/ts.h
+++ b/iphonesimulator/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphonesimulator/include/OpenSSL/types.h b/iphonesimulator/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/iphonesimulator/include/OpenSSL/types.h
+++ b/iphonesimulator/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphonesimulator/include/OpenSSL/x509.h b/iphonesimulator/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/iphonesimulator/include/OpenSSL/x509.h
+++ b/iphonesimulator/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/iphonesimulator/include/OpenSSL/x509_vfy.h b/iphonesimulator/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/iphonesimulator/include/OpenSSL/x509_vfy.h
+++ b/iphonesimulator/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/iphonesimulator/include/OpenSSL/x509err.h b/iphonesimulator/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/iphonesimulator/include/OpenSSL/x509err.h
+++ b/iphonesimulator/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/iphonesimulator/include/OpenSSL/x509v3.h b/iphonesimulator/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/iphonesimulator/include/OpenSSL/x509v3.h
+++ b/iphonesimulator/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/iphonesimulator/include/OpenSSL/x509v3err.h b/iphonesimulator/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/iphonesimulator/include/OpenSSL/x509v3err.h
+++ b/iphonesimulator/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/iphonesimulator/lib/libcrypto.a b/iphonesimulator/lib/libcrypto.a
index 4e42efcf..c8edecde 100644
Binary files a/iphonesimulator/lib/libcrypto.a and b/iphonesimulator/lib/libcrypto.a differ
diff --git a/iphonesimulator/lib/libssl.a b/iphonesimulator/lib/libssl.a
index 0c26256f..3d6e6cb5 100644
Binary files a/iphonesimulator/lib/libssl.a and b/iphonesimulator/lib/libssl.a differ
diff --git a/macosx/include/OpenSSL/asn1.h b/macosx/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/macosx/include/OpenSSL/asn1.h
+++ b/macosx/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/macosx/include/OpenSSL/async.h b/macosx/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/macosx/include/OpenSSL/async.h
+++ b/macosx/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/macosx/include/OpenSSL/bio.h b/macosx/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/macosx/include/OpenSSL/bio.h
+++ b/macosx/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/macosx/include/OpenSSL/bioerr.h b/macosx/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/macosx/include/OpenSSL/bioerr.h
+++ b/macosx/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/macosx/include/OpenSSL/bn.h b/macosx/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/macosx/include/OpenSSL/bn.h
+++ b/macosx/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/macosx/include/OpenSSL/cmp.h b/macosx/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/macosx/include/OpenSSL/cmp.h
+++ b/macosx/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/macosx/include/OpenSSL/cmperr.h b/macosx/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/macosx/include/OpenSSL/cmperr.h
+++ b/macosx/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/macosx/include/OpenSSL/cms.h b/macosx/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/macosx/include/OpenSSL/cms.h
+++ b/macosx/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/macosx/include/OpenSSL/cmserr.h b/macosx/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/macosx/include/OpenSSL/cmserr.h
+++ b/macosx/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/macosx/include/OpenSSL/comp.h b/macosx/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/macosx/include/OpenSSL/comp.h
+++ b/macosx/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/macosx/include/OpenSSL/comperr.h b/macosx/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/macosx/include/OpenSSL/comperr.h
+++ b/macosx/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/macosx/include/OpenSSL/conf.h b/macosx/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/macosx/include/OpenSSL/conf.h
+++ b/macosx/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx/include/OpenSSL/configuration.h b/macosx/include/OpenSSL/configuration.h
index c528d3f5..9eac98ec 100644
--- a/macosx/include/OpenSSL/configuration.h
+++ b/macosx/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_MacOSX
 #  define OPENSSL_SYS_MacOSX 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned int
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx/include/OpenSSL/core.h b/macosx/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/macosx/include/OpenSSL/core.h
+++ b/macosx/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/macosx/include/OpenSSL/core_dispatch.h b/macosx/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/macosx/include/OpenSSL/core_dispatch.h
+++ b/macosx/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/macosx/include/OpenSSL/core_names.h b/macosx/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/macosx/include/OpenSSL/core_names.h
+++ b/macosx/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/macosx/include/OpenSSL/crmf.h b/macosx/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/macosx/include/OpenSSL/crmf.h
+++ b/macosx/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/macosx/include/OpenSSL/crypto.h b/macosx/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/macosx/include/OpenSSL/crypto.h
+++ b/macosx/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx/include/OpenSSL/ct.h b/macosx/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/macosx/include/OpenSSL/ct.h
+++ b/macosx/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/macosx/include/OpenSSL/dherr.h b/macosx/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/macosx/include/OpenSSL/dherr.h
+++ b/macosx/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/macosx/include/OpenSSL/dsa.h b/macosx/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/macosx/include/OpenSSL/dsa.h
+++ b/macosx/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx/include/OpenSSL/e_os2.h b/macosx/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/macosx/include/OpenSSL/e_os2.h
+++ b/macosx/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/macosx/include/OpenSSL/e_ostime.h b/macosx/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/macosx/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/macosx/include/OpenSSL/ec.h b/macosx/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/macosx/include/OpenSSL/ec.h
+++ b/macosx/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/macosx/include/OpenSSL/err.h b/macosx/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/macosx/include/OpenSSL/err.h
+++ b/macosx/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/macosx/include/OpenSSL/evp.h b/macosx/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/macosx/include/OpenSSL/evp.h
+++ b/macosx/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/macosx/include/OpenSSL/evperr.h b/macosx/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/macosx/include/OpenSSL/evperr.h
+++ b/macosx/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/macosx/include/OpenSSL/hpke.h b/macosx/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/macosx/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/macosx/include/OpenSSL/http.h b/macosx/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/macosx/include/OpenSSL/http.h
+++ b/macosx/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx/include/OpenSSL/lhash.h b/macosx/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/macosx/include/OpenSSL/lhash.h
+++ b/macosx/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx/include/OpenSSL/macros.h b/macosx/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/macosx/include/OpenSSL/macros.h
+++ b/macosx/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/macosx/include/OpenSSL/obj_mac.h b/macosx/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/macosx/include/OpenSSL/obj_mac.h
+++ b/macosx/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/macosx/include/OpenSSL/opensslv.h b/macosx/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/macosx/include/OpenSSL/opensslv.h
+++ b/macosx/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/macosx/include/OpenSSL/pem.h b/macosx/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/macosx/include/OpenSSL/pem.h
+++ b/macosx/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/macosx/include/OpenSSL/pkcs12.h b/macosx/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/macosx/include/OpenSSL/pkcs12.h
+++ b/macosx/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/macosx/include/OpenSSL/pkcs12err.h b/macosx/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/macosx/include/OpenSSL/pkcs12err.h
+++ b/macosx/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/macosx/include/OpenSSL/pkcs7.h b/macosx/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/macosx/include/OpenSSL/pkcs7.h
+++ b/macosx/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/macosx/include/OpenSSL/prov_ssl.h b/macosx/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/macosx/include/OpenSSL/prov_ssl.h
+++ b/macosx/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/macosx/include/OpenSSL/proverr.h b/macosx/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/macosx/include/OpenSSL/proverr.h
+++ b/macosx/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/macosx/include/OpenSSL/provider.h b/macosx/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/macosx/include/OpenSSL/provider.h
+++ b/macosx/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/macosx/include/OpenSSL/quic.h b/macosx/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/macosx/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/macosx/include/OpenSSL/rand.h b/macosx/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/macosx/include/OpenSSL/rand.h
+++ b/macosx/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx/include/OpenSSL/rsa.h b/macosx/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/macosx/include/OpenSSL/rsa.h
+++ b/macosx/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/macosx/include/OpenSSL/sha.h b/macosx/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/macosx/include/OpenSSL/sha.h
+++ b/macosx/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/macosx/include/OpenSSL/srtp.h b/macosx/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/macosx/include/OpenSSL/srtp.h
+++ b/macosx/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/macosx/include/OpenSSL/ssl.h b/macosx/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/macosx/include/OpenSSL/ssl.h
+++ b/macosx/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx/include/OpenSSL/ssl3.h b/macosx/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/macosx/include/OpenSSL/ssl3.h
+++ b/macosx/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/macosx/include/OpenSSL/sslerr.h b/macosx/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/macosx/include/OpenSSL/sslerr.h
+++ b/macosx/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/macosx/include/OpenSSL/store.h b/macosx/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/macosx/include/OpenSSL/store.h
+++ b/macosx/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/macosx/include/OpenSSL/thread.h b/macosx/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/macosx/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/macosx/include/OpenSSL/tls1.h b/macosx/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/macosx/include/OpenSSL/tls1.h
+++ b/macosx/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/macosx/include/OpenSSL/trace.h b/macosx/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/macosx/include/OpenSSL/trace.h
+++ b/macosx/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx/include/OpenSSL/ts.h b/macosx/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/macosx/include/OpenSSL/ts.h
+++ b/macosx/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx/include/OpenSSL/types.h b/macosx/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/macosx/include/OpenSSL/types.h
+++ b/macosx/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx/include/OpenSSL/x509.h b/macosx/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/macosx/include/OpenSSL/x509.h
+++ b/macosx/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/macosx/include/OpenSSL/x509_vfy.h b/macosx/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/macosx/include/OpenSSL/x509_vfy.h
+++ b/macosx/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/macosx/include/OpenSSL/x509err.h b/macosx/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/macosx/include/OpenSSL/x509err.h
+++ b/macosx/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx/include/OpenSSL/x509v3.h b/macosx/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/macosx/include/OpenSSL/x509v3.h
+++ b/macosx/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/macosx/include/OpenSSL/x509v3err.h b/macosx/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/macosx/include/OpenSSL/x509v3err.h
+++ b/macosx/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/macosx/lib/libcrypto.a b/macosx/lib/libcrypto.a
index fe007674..12ca8f9d 100644
Binary files a/macosx/lib/libcrypto.a and b/macosx/lib/libcrypto.a differ
diff --git a/macosx/lib/libssl.a b/macosx/lib/libssl.a
index 1e4a9734..87da22aa 100644
Binary files a/macosx/lib/libssl.a and b/macosx/lib/libssl.a differ
diff --git a/macosx_catalyst/include/OpenSSL/asn1.h b/macosx_catalyst/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/macosx_catalyst/include/OpenSSL/asn1.h
+++ b/macosx_catalyst/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/macosx_catalyst/include/OpenSSL/async.h b/macosx_catalyst/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/macosx_catalyst/include/OpenSSL/async.h
+++ b/macosx_catalyst/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/macosx_catalyst/include/OpenSSL/bio.h b/macosx_catalyst/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/macosx_catalyst/include/OpenSSL/bio.h
+++ b/macosx_catalyst/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/macosx_catalyst/include/OpenSSL/bioerr.h b/macosx_catalyst/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/macosx_catalyst/include/OpenSSL/bioerr.h
+++ b/macosx_catalyst/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/macosx_catalyst/include/OpenSSL/bn.h b/macosx_catalyst/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/macosx_catalyst/include/OpenSSL/bn.h
+++ b/macosx_catalyst/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/macosx_catalyst/include/OpenSSL/cmp.h b/macosx_catalyst/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/macosx_catalyst/include/OpenSSL/cmp.h
+++ b/macosx_catalyst/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/macosx_catalyst/include/OpenSSL/cmperr.h b/macosx_catalyst/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/macosx_catalyst/include/OpenSSL/cmperr.h
+++ b/macosx_catalyst/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/macosx_catalyst/include/OpenSSL/cms.h b/macosx_catalyst/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/macosx_catalyst/include/OpenSSL/cms.h
+++ b/macosx_catalyst/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/macosx_catalyst/include/OpenSSL/cmserr.h b/macosx_catalyst/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/macosx_catalyst/include/OpenSSL/cmserr.h
+++ b/macosx_catalyst/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/macosx_catalyst/include/OpenSSL/comp.h b/macosx_catalyst/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/macosx_catalyst/include/OpenSSL/comp.h
+++ b/macosx_catalyst/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/macosx_catalyst/include/OpenSSL/comperr.h b/macosx_catalyst/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/macosx_catalyst/include/OpenSSL/comperr.h
+++ b/macosx_catalyst/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/macosx_catalyst/include/OpenSSL/conf.h b/macosx_catalyst/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/macosx_catalyst/include/OpenSSL/conf.h
+++ b/macosx_catalyst/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx_catalyst/include/OpenSSL/configuration.h b/macosx_catalyst/include/OpenSSL/configuration.h
index c528d3f5..9eac98ec 100644
--- a/macosx_catalyst/include/OpenSSL/configuration.h
+++ b/macosx_catalyst/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_MacOSX
 #  define OPENSSL_SYS_MacOSX 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned int
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx_catalyst/include/OpenSSL/core.h b/macosx_catalyst/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/macosx_catalyst/include/OpenSSL/core.h
+++ b/macosx_catalyst/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/macosx_catalyst/include/OpenSSL/core_dispatch.h b/macosx_catalyst/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/macosx_catalyst/include/OpenSSL/core_dispatch.h
+++ b/macosx_catalyst/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/macosx_catalyst/include/OpenSSL/core_names.h b/macosx_catalyst/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/macosx_catalyst/include/OpenSSL/core_names.h
+++ b/macosx_catalyst/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/macosx_catalyst/include/OpenSSL/crmf.h b/macosx_catalyst/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/macosx_catalyst/include/OpenSSL/crmf.h
+++ b/macosx_catalyst/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/macosx_catalyst/include/OpenSSL/crypto.h b/macosx_catalyst/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/macosx_catalyst/include/OpenSSL/crypto.h
+++ b/macosx_catalyst/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx_catalyst/include/OpenSSL/ct.h b/macosx_catalyst/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/macosx_catalyst/include/OpenSSL/ct.h
+++ b/macosx_catalyst/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/macosx_catalyst/include/OpenSSL/dherr.h b/macosx_catalyst/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/macosx_catalyst/include/OpenSSL/dherr.h
+++ b/macosx_catalyst/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/macosx_catalyst/include/OpenSSL/dsa.h b/macosx_catalyst/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/macosx_catalyst/include/OpenSSL/dsa.h
+++ b/macosx_catalyst/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx_catalyst/include/OpenSSL/e_os2.h b/macosx_catalyst/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/macosx_catalyst/include/OpenSSL/e_os2.h
+++ b/macosx_catalyst/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/macosx_catalyst/include/OpenSSL/e_ostime.h b/macosx_catalyst/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/macosx_catalyst/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/macosx_catalyst/include/OpenSSL/ec.h b/macosx_catalyst/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/macosx_catalyst/include/OpenSSL/ec.h
+++ b/macosx_catalyst/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/macosx_catalyst/include/OpenSSL/err.h b/macosx_catalyst/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/macosx_catalyst/include/OpenSSL/err.h
+++ b/macosx_catalyst/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/macosx_catalyst/include/OpenSSL/evp.h b/macosx_catalyst/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/macosx_catalyst/include/OpenSSL/evp.h
+++ b/macosx_catalyst/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/macosx_catalyst/include/OpenSSL/evperr.h b/macosx_catalyst/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/macosx_catalyst/include/OpenSSL/evperr.h
+++ b/macosx_catalyst/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/macosx_catalyst/include/OpenSSL/hpke.h b/macosx_catalyst/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/macosx_catalyst/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/macosx_catalyst/include/OpenSSL/http.h b/macosx_catalyst/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/macosx_catalyst/include/OpenSSL/http.h
+++ b/macosx_catalyst/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx_catalyst/include/OpenSSL/lhash.h b/macosx_catalyst/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/macosx_catalyst/include/OpenSSL/lhash.h
+++ b/macosx_catalyst/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx_catalyst/include/OpenSSL/macros.h b/macosx_catalyst/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/macosx_catalyst/include/OpenSSL/macros.h
+++ b/macosx_catalyst/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/macosx_catalyst/include/OpenSSL/obj_mac.h b/macosx_catalyst/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/macosx_catalyst/include/OpenSSL/obj_mac.h
+++ b/macosx_catalyst/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/macosx_catalyst/include/OpenSSL/opensslv.h b/macosx_catalyst/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/macosx_catalyst/include/OpenSSL/opensslv.h
+++ b/macosx_catalyst/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/macosx_catalyst/include/OpenSSL/pem.h b/macosx_catalyst/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/macosx_catalyst/include/OpenSSL/pem.h
+++ b/macosx_catalyst/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/macosx_catalyst/include/OpenSSL/pkcs12.h b/macosx_catalyst/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/macosx_catalyst/include/OpenSSL/pkcs12.h
+++ b/macosx_catalyst/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/macosx_catalyst/include/OpenSSL/pkcs12err.h b/macosx_catalyst/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/macosx_catalyst/include/OpenSSL/pkcs12err.h
+++ b/macosx_catalyst/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/macosx_catalyst/include/OpenSSL/pkcs7.h b/macosx_catalyst/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/macosx_catalyst/include/OpenSSL/pkcs7.h
+++ b/macosx_catalyst/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/macosx_catalyst/include/OpenSSL/prov_ssl.h b/macosx_catalyst/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/macosx_catalyst/include/OpenSSL/prov_ssl.h
+++ b/macosx_catalyst/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/macosx_catalyst/include/OpenSSL/proverr.h b/macosx_catalyst/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/macosx_catalyst/include/OpenSSL/proverr.h
+++ b/macosx_catalyst/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/macosx_catalyst/include/OpenSSL/provider.h b/macosx_catalyst/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/macosx_catalyst/include/OpenSSL/provider.h
+++ b/macosx_catalyst/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/macosx_catalyst/include/OpenSSL/quic.h b/macosx_catalyst/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/macosx_catalyst/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/macosx_catalyst/include/OpenSSL/rand.h b/macosx_catalyst/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/macosx_catalyst/include/OpenSSL/rand.h
+++ b/macosx_catalyst/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx_catalyst/include/OpenSSL/rsa.h b/macosx_catalyst/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/macosx_catalyst/include/OpenSSL/rsa.h
+++ b/macosx_catalyst/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/macosx_catalyst/include/OpenSSL/sha.h b/macosx_catalyst/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/macosx_catalyst/include/OpenSSL/sha.h
+++ b/macosx_catalyst/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/macosx_catalyst/include/OpenSSL/srtp.h b/macosx_catalyst/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/macosx_catalyst/include/OpenSSL/srtp.h
+++ b/macosx_catalyst/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/macosx_catalyst/include/OpenSSL/ssl.h b/macosx_catalyst/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/macosx_catalyst/include/OpenSSL/ssl.h
+++ b/macosx_catalyst/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx_catalyst/include/OpenSSL/ssl3.h b/macosx_catalyst/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/macosx_catalyst/include/OpenSSL/ssl3.h
+++ b/macosx_catalyst/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/macosx_catalyst/include/OpenSSL/sslerr.h b/macosx_catalyst/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/macosx_catalyst/include/OpenSSL/sslerr.h
+++ b/macosx_catalyst/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/macosx_catalyst/include/OpenSSL/store.h b/macosx_catalyst/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/macosx_catalyst/include/OpenSSL/store.h
+++ b/macosx_catalyst/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/macosx_catalyst/include/OpenSSL/thread.h b/macosx_catalyst/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/macosx_catalyst/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/macosx_catalyst/include/OpenSSL/tls1.h b/macosx_catalyst/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/macosx_catalyst/include/OpenSSL/tls1.h
+++ b/macosx_catalyst/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/macosx_catalyst/include/OpenSSL/trace.h b/macosx_catalyst/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/macosx_catalyst/include/OpenSSL/trace.h
+++ b/macosx_catalyst/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/macosx_catalyst/include/OpenSSL/ts.h b/macosx_catalyst/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/macosx_catalyst/include/OpenSSL/ts.h
+++ b/macosx_catalyst/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx_catalyst/include/OpenSSL/types.h b/macosx_catalyst/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/macosx_catalyst/include/OpenSSL/types.h
+++ b/macosx_catalyst/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx_catalyst/include/OpenSSL/x509.h b/macosx_catalyst/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/macosx_catalyst/include/OpenSSL/x509.h
+++ b/macosx_catalyst/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/macosx_catalyst/include/OpenSSL/x509_vfy.h b/macosx_catalyst/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/macosx_catalyst/include/OpenSSL/x509_vfy.h
+++ b/macosx_catalyst/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/macosx_catalyst/include/OpenSSL/x509err.h b/macosx_catalyst/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/macosx_catalyst/include/OpenSSL/x509err.h
+++ b/macosx_catalyst/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/macosx_catalyst/include/OpenSSL/x509v3.h b/macosx_catalyst/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/macosx_catalyst/include/OpenSSL/x509v3.h
+++ b/macosx_catalyst/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/macosx_catalyst/include/OpenSSL/x509v3err.h b/macosx_catalyst/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/macosx_catalyst/include/OpenSSL/x509v3err.h
+++ b/macosx_catalyst/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/macosx_catalyst/lib/libcrypto.a b/macosx_catalyst/lib/libcrypto.a
index 20e3e847..0c418a5b 100644
Binary files a/macosx_catalyst/lib/libcrypto.a and b/macosx_catalyst/lib/libcrypto.a differ
diff --git a/macosx_catalyst/lib/libssl.a b/macosx_catalyst/lib/libssl.a
index 3fdb4e01..be0e6fac 100644
Binary files a/macosx_catalyst/lib/libssl.a and b/macosx_catalyst/lib/libssl.a differ
diff --git a/support/OpenSSL.h b/support/OpenSSL.h
new file mode 100644
index 00000000..1e5785b9
--- /dev/null
+++ b/support/OpenSSL.h
@@ -0,0 +1,144 @@
+// ls -1 ../../appletvsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
+// Include before others:
+#include <OpenSSL/ssl.h>
+
+#include <OpenSSL/ssl2.h>
+#include <OpenSSL/ssl3.h>
+#include <OpenSSL/sslerr.h>
+
+#include <OpenSSL/aes.h>
+#include <OpenSSL/asn1.h>
+// #include <OpenSSL/asn1_mac.h>
+#include <OpenSSL/asn1err.h>
+#include <OpenSSL/asn1t.h>
+#include <OpenSSL/async.h>
+#include <OpenSSL/asyncerr.h>
+#include <OpenSSL/bio.h>
+#include <OpenSSL/bioerr.h>
+#include <OpenSSL/blowfish.h>
+#include <OpenSSL/bn.h>
+#include <OpenSSL/bnerr.h>
+#include <OpenSSL/buffer.h>
+#include <OpenSSL/buffererr.h>
+#include <OpenSSL/camellia.h>
+#include <OpenSSL/cast.h>
+#include <OpenSSL/cmac.h>
+#include <OpenSSL/cmp.h>
+#include <OpenSSL/cmp_util.h>
+#include <OpenSSL/cmperr.h>
+#include <OpenSSL/cms.h>
+#include <OpenSSL/cmserr.h>
+#include <OpenSSL/comp.h>
+#include <OpenSSL/comperr.h>
+#include <OpenSSL/conf.h>
+#include <OpenSSL/conf_api.h>
+#include <OpenSSL/conferr.h>
+#include <OpenSSL/configuration.h>
+#include <OpenSSL/conftypes.h>
+#include <OpenSSL/core.h>
+#include <OpenSSL/core_dispatch.h>
+#include <OpenSSL/core_names.h>
+#include <OpenSSL/core_object.h>
+#include <OpenSSL/crmf.h>
+#include <OpenSSL/crmferr.h>
+#include <OpenSSL/crypto.h>
+#include <OpenSSL/cryptoerr.h>
+#include <OpenSSL/cryptoerr_legacy.h>
+#include <OpenSSL/ct.h>
+#include <OpenSSL/cterr.h>
+#include <OpenSSL/decoder.h>
+#include <OpenSSL/decodererr.h>
+#include <OpenSSL/des.h>
+#include <OpenSSL/dh.h>
+#include <OpenSSL/dherr.h>
+#include <OpenSSL/dsa.h>
+#include <OpenSSL/dsaerr.h>
+#include <OpenSSL/dtls1.h>
+#include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
+#include <OpenSSL/ebcdic.h>
+#include <OpenSSL/ec.h>
+#include <OpenSSL/ecdh.h>
+#include <OpenSSL/ecdsa.h>
+#include <OpenSSL/ecerr.h>
+#include <OpenSSL/encoder.h>
+#include <OpenSSL/encodererr.h>
+#include <OpenSSL/engine.h>
+#include <OpenSSL/engineerr.h>
+#include <OpenSSL/err.h>
+#include <OpenSSL/ess.h>
+#include <OpenSSL/esserr.h>
+#include <OpenSSL/evp.h>
+#include <OpenSSL/evperr.h>
+#include <OpenSSL/fips_names.h>
+#include <OpenSSL/fipskey.h>
+#include <OpenSSL/hmac.h>
+#include <OpenSSL/hpke.h>
+#include <OpenSSL/http.h>
+#include <OpenSSL/httperr.h>
+#include <OpenSSL/idea.h>
+#include <OpenSSL/kdf.h>
+#include <OpenSSL/kdferr.h>
+#include <OpenSSL/lhash.h>
+#include <OpenSSL/macros.h>
+#include <OpenSSL/md2.h>
+#include <OpenSSL/md4.h>
+#include <OpenSSL/md5.h>
+#include <OpenSSL/mdc2.h>
+#include <OpenSSL/modes.h>
+#include <OpenSSL/obj_mac.h>
+#include <OpenSSL/objects.h>
+#include <OpenSSL/objectserr.h>
+#include <OpenSSL/ocsp.h>
+#include <OpenSSL/ocsperr.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/opensslv.h>
+#include <OpenSSL/ossl_typ.h>
+#include <OpenSSL/param_build.h>
+#include <OpenSSL/params.h>
+#include <OpenSSL/pem.h>
+#include <OpenSSL/pem2.h>
+#include <OpenSSL/pemerr.h>
+#include <OpenSSL/pkcs12.h>
+#include <OpenSSL/pkcs12err.h>
+#include <OpenSSL/pkcs7.h>
+#include <OpenSSL/pkcs7err.h>
+#include <OpenSSL/prov_ssl.h>
+#include <OpenSSL/proverr.h>
+#include <OpenSSL/provider.h>
+#include <OpenSSL/quic.h>
+#include <OpenSSL/rand.h>
+#include <OpenSSL/randerr.h>
+#include <OpenSSL/rc2.h>
+#include <OpenSSL/rc4.h>
+#include <OpenSSL/rc5.h>
+#include <OpenSSL/ripemd.h>
+#include <OpenSSL/rsa.h>
+#include <OpenSSL/rsaerr.h>
+#include <OpenSSL/safestack.h>
+#include <OpenSSL/seed.h>
+#include <OpenSSL/self_test.h>
+#include <OpenSSL/sha.h>
+#include <OpenSSL/shim.h>
+#include <OpenSSL/srp.h>
+#include <OpenSSL/srtp.h>
+#include <OpenSSL/sslerr_legacy.h>
+#include <OpenSSL/stack.h>
+#include <OpenSSL/store.h>
+#include <OpenSSL/storeerr.h>
+#include <OpenSSL/symhacks.h>
+#include <OpenSSL/thread.h>
+#include <OpenSSL/tls1.h>
+#include <OpenSSL/trace.h>
+#include <OpenSSL/ts.h>
+#include <OpenSSL/tserr.h>
+#include <OpenSSL/txt_db.h>
+#include <OpenSSL/types.h>
+#include <OpenSSL/ui.h>
+#include <OpenSSL/uierr.h>
+#include <OpenSSL/whrlpool.h>
+#include <OpenSSL/x509.h>
+#include <OpenSSL/x509_vfy.h>
+#include <OpenSSL/x509err.h>
+#include <OpenSSL/x509v3.h>
+#include <OpenSSL/x509v3err.h>
diff --git a/support/macos/OpenSSL.h b/support/macos/OpenSSL.h
deleted file mode 100644
index b52a9966..00000000
--- a/support/macos/OpenSSL.h
+++ /dev/null
@@ -1,139 +0,0 @@
-// Include before others:
-#include <OpenSSL/ssl.h>
-
-#include <OpenSSL/ssl2.h>
-#include <OpenSSL/ssl3.h>
-#include <OpenSSL/sslerr.h>
-
-#include <OpenSSL/aes.h>
-#include <OpenSSL/asn1.h>
-// #include <OpenSSL/asn1_mac.h>
-#include <OpenSSL/asn1err.h>
-#include <OpenSSL/asn1t.h>
-#include <OpenSSL/async.h>
-#include <OpenSSL/asyncerr.h>
-#include <OpenSSL/bio.h>
-#include <OpenSSL/bioerr.h>
-#include <OpenSSL/blowfish.h>
-#include <OpenSSL/bn.h>
-#include <OpenSSL/bnerr.h>
-#include <OpenSSL/buffer.h>
-#include <OpenSSL/buffererr.h>
-#include <OpenSSL/camellia.h>
-#include <OpenSSL/cast.h>
-#include <OpenSSL/cmac.h>
-#include <OpenSSL/cmp.h>
-#include <OpenSSL/cmp_util.h>
-#include <OpenSSL/cmperr.h>
-#include <OpenSSL/cms.h>
-#include <OpenSSL/cmserr.h>
-#include <OpenSSL/comp.h>
-#include <OpenSSL/comperr.h>
-#include <OpenSSL/conf.h>
-#include <OpenSSL/conf_api.h>
-#include <OpenSSL/conferr.h>
-#include <OpenSSL/configuration.h>
-#include <OpenSSL/conftypes.h>
-#include <OpenSSL/core.h>
-#include <OpenSSL/core_dispatch.h>
-#include <OpenSSL/core_names.h>
-#include <OpenSSL/core_object.h>
-#include <OpenSSL/crmf.h>
-#include <OpenSSL/crmferr.h>
-#include <OpenSSL/crypto.h>
-#include <OpenSSL/cryptoerr.h>
-#include <OpenSSL/cryptoerr_legacy.h>
-#include <OpenSSL/ct.h>
-#include <OpenSSL/cterr.h>
-#include <OpenSSL/decoder.h>
-#include <OpenSSL/decodererr.h>
-#include <OpenSSL/des.h>
-#include <OpenSSL/dh.h>
-#include <OpenSSL/dherr.h>
-#include <OpenSSL/dsa.h>
-#include <OpenSSL/dsaerr.h>
-#include <OpenSSL/dtls1.h>
-#include <OpenSSL/e_os2.h>
-#include <OpenSSL/ebcdic.h>
-#include <OpenSSL/ec.h>
-#include <OpenSSL/ecdh.h>
-#include <OpenSSL/ecdsa.h>
-#include <OpenSSL/ecerr.h>
-#include <OpenSSL/encoder.h>
-#include <OpenSSL/encodererr.h>
-#include <OpenSSL/engine.h>
-#include <OpenSSL/engineerr.h>
-#include <OpenSSL/err.h>
-#include <OpenSSL/ess.h>
-#include <OpenSSL/esserr.h>
-#include <OpenSSL/evp.h>
-#include <OpenSSL/evperr.h>
-#include <OpenSSL/fips_names.h>
-#include <OpenSSL/fipskey.h>
-#include <OpenSSL/hmac.h>
-#include <OpenSSL/http.h>
-#include <OpenSSL/httperr.h>
-#include <OpenSSL/idea.h>
-#include <OpenSSL/kdf.h>
-#include <OpenSSL/kdferr.h>
-#include <OpenSSL/lhash.h>
-#include <OpenSSL/macros.h>
-#include <OpenSSL/md2.h>
-#include <OpenSSL/md4.h>
-#include <OpenSSL/md5.h>
-#include <OpenSSL/mdc2.h>
-#include <OpenSSL/modes.h>
-#include <OpenSSL/obj_mac.h>
-#include <OpenSSL/objects.h>
-#include <OpenSSL/objectserr.h>
-#include <OpenSSL/ocsp.h>
-#include <OpenSSL/ocsperr.h>
-#include <OpenSSL/opensslconf.h>
-#include <OpenSSL/opensslv.h>
-#include <OpenSSL/ossl_typ.h>
-#include <OpenSSL/param_build.h>
-#include <OpenSSL/params.h>
-#include <OpenSSL/pem.h>
-#include <OpenSSL/pem2.h>
-#include <OpenSSL/pemerr.h>
-#include <OpenSSL/pkcs12.h>
-#include <OpenSSL/pkcs12err.h>
-#include <OpenSSL/pkcs7.h>
-#include <OpenSSL/pkcs7err.h>
-#include <OpenSSL/prov_ssl.h>
-#include <OpenSSL/proverr.h>
-#include <OpenSSL/provider.h>
-#include <OpenSSL/rand.h>
-#include <OpenSSL/randerr.h>
-#include <OpenSSL/rc2.h>
-#include <OpenSSL/rc4.h>
-#include <OpenSSL/rc5.h>
-#include <OpenSSL/ripemd.h>
-#include <OpenSSL/rsa.h>
-#include <OpenSSL/rsaerr.h>
-#include <OpenSSL/safestack.h>
-#include <OpenSSL/seed.h>
-#include <OpenSSL/self_test.h>
-#include <OpenSSL/sha.h>
-#include <OpenSSL/shim.h>
-#include <OpenSSL/srp.h>
-#include <OpenSSL/srtp.h>
-#include <OpenSSL/sslerr_legacy.h>
-#include <OpenSSL/stack.h>
-#include <OpenSSL/store.h>
-#include <OpenSSL/storeerr.h>
-#include <OpenSSL/symhacks.h>
-#include <OpenSSL/tls1.h>
-#include <OpenSSL/trace.h>
-#include <OpenSSL/ts.h>
-#include <OpenSSL/tserr.h>
-#include <OpenSSL/txt_db.h>
-#include <OpenSSL/types.h>
-#include <OpenSSL/ui.h>
-#include <OpenSSL/uierr.h>
-#include <OpenSSL/whrlpool.h>
-#include <OpenSSL/x509.h>
-#include <OpenSSL/x509_vfy.h>
-#include <OpenSSL/x509err.h>
-#include <OpenSSL/x509v3.h>
-#include <OpenSSL/x509v3err.h>
diff --git a/support/macos_catalyst/OpenSSL.h b/support/macos_catalyst/OpenSSL.h
deleted file mode 100644
index 215f71cd..00000000
--- a/support/macos_catalyst/OpenSSL.h
+++ /dev/null
@@ -1,140 +0,0 @@
-// Include before others:
-#include <OpenSSL/ssl.h>
-
-#include <OpenSSL/ssl2.h>
-#include <OpenSSL/ssl3.h>
-#include <OpenSSL/sslerr.h>
-
-#include <OpenSSL/aes.h>
-#include <OpenSSL/asn1.h>
-// #include <OpenSSL/asn1_mac.h>
-#include <OpenSSL/asn1err.h>
-#include <OpenSSL/asn1t.h>
-#include <OpenSSL/async.h>
-#include <OpenSSL/asyncerr.h>
-#include <OpenSSL/bio.h>
-#include <OpenSSL/bioerr.h>
-#include <OpenSSL/blowfish.h>
-#include <OpenSSL/bn.h>
-#include <OpenSSL/bnerr.h>
-#include <OpenSSL/buffer.h>
-#include <OpenSSL/buffererr.h>
-#include <OpenSSL/camellia.h>
-#include <OpenSSL/cast.h>
-#include <OpenSSL/cmac.h>
-#include <OpenSSL/cmp.h>
-#include <OpenSSL/cmp_util.h>
-#include <OpenSSL/cmperr.h>
-#include <OpenSSL/cms.h>
-#include <OpenSSL/cmserr.h>
-#include <OpenSSL/comp.h>
-#include <OpenSSL/comperr.h>
-#include <OpenSSL/conf.h>
-#include <OpenSSL/conf_api.h>
-#include <OpenSSL/conferr.h>
-#include <OpenSSL/configuration.h>
-#include <OpenSSL/conftypes.h>
-#include <OpenSSL/core.h>
-#include <OpenSSL/core_dispatch.h>
-#include <OpenSSL/core_names.h>
-#include <OpenSSL/core_object.h>
-#include <OpenSSL/crmf.h>
-#include <OpenSSL/crmferr.h>
-#include <OpenSSL/crypto.h>
-#include <OpenSSL/cryptoerr.h>
-#include <OpenSSL/cryptoerr_legacy.h>
-#include <OpenSSL/ct.h>
-#include <OpenSSL/cterr.h>
-#include <OpenSSL/decoder.h>
-#include <OpenSSL/decodererr.h>
-#include <OpenSSL/des.h>
-#include <OpenSSL/dh.h>
-#include <OpenSSL/dherr.h>
-#include <OpenSSL/dsa.h>
-#include <OpenSSL/dsaerr.h>
-#include <OpenSSL/dtls1.h>
-#include <OpenSSL/e_os2.h>
-#include <OpenSSL/ebcdic.h>
-#include <OpenSSL/ec.h>
-#include <OpenSSL/ecdh.h>
-#include <OpenSSL/ecdsa.h>
-#include <OpenSSL/ecerr.h>
-#include <OpenSSL/encoder.h>
-#include <OpenSSL/encodererr.h>
-#include <OpenSSL/engine.h>
-#include <OpenSSL/engineerr.h>
-#include <OpenSSL/err.h>
-#include <OpenSSL/ess.h>
-#include <OpenSSL/esserr.h>
-#include <OpenSSL/evp.h>
-#include <OpenSSL/evperr.h>
-#include <OpenSSL/fips_names.h>
-#include <OpenSSL/fipskey.h>
-#include <OpenSSL/hmac.h>
-#include <OpenSSL/http.h>
-#include <OpenSSL/httperr.h>
-#include <OpenSSL/idea.h>
-#include <OpenSSL/kdf.h>
-#include <OpenSSL/kdferr.h>
-#include <OpenSSL/lhash.h>
-#include <OpenSSL/macros.h>
-#include <OpenSSL/md2.h>
-#include <OpenSSL/md4.h>
-#include <OpenSSL/md5.h>
-#include <OpenSSL/mdc2.h>
-#include <OpenSSL/modes.h>
-#include <OpenSSL/obj_mac.h>
-#include <OpenSSL/objects.h>
-#include <OpenSSL/objectserr.h>
-#include <OpenSSL/ocsp.h>
-#include <OpenSSL/ocsperr.h>
-#include <OpenSSL/opensslconf.h>
-#include <OpenSSL/opensslv.h>
-#include <OpenSSL/ossl_typ.h>
-#include <OpenSSL/param_build.h>
-#include <OpenSSL/params.h>
-#include <OpenSSL/pem.h>
-#include <OpenSSL/pem2.h>
-#include <OpenSSL/pemerr.h>
-#include <OpenSSL/pkcs12.h>
-#include <OpenSSL/pkcs12err.h>
-#include <OpenSSL/pkcs7.h>
-#include <OpenSSL/pkcs7err.h>
-#include <OpenSSL/prov_ssl.h>
-#include <OpenSSL/proverr.h>
-#include <OpenSSL/provider.h>
-#include <OpenSSL/rand.h>
-#include <OpenSSL/randerr.h>
-#include <OpenSSL/rc2.h>
-#include <OpenSSL/rc4.h>
-#include <OpenSSL/rc5.h>
-#include <OpenSSL/ripemd.h>
-#include <OpenSSL/rsa.h>
-#include <OpenSSL/rsaerr.h>
-#include <OpenSSL/safestack.h>
-#include <OpenSSL/seed.h>
-#include <OpenSSL/self_test.h>
-#include <OpenSSL/sha.h>
-#include <OpenSSL/shim.h>
-#include <OpenSSL/srp.h>
-#include <OpenSSL/srtp.h>
-#include <OpenSSL/sslerr_legacy.h>
-#include <OpenSSL/stack.h>
-#include <OpenSSL/store.h>
-#include <OpenSSL/storeerr.h>
-#include <OpenSSL/symhacks.h>
-#include <OpenSSL/tls1.h>
-#include <OpenSSL/trace.h>
-#include <OpenSSL/ts.h>
-#include <OpenSSL/tserr.h>
-#include <OpenSSL/txt_db.h>
-#include <OpenSSL/types.h>
-#include <OpenSSL/ui.h>
-#include <OpenSSL/uierr.h>
-#include <OpenSSL/whrlpool.h>
-#include <OpenSSL/x509.h>
-#include <OpenSSL/x509_vfy.h>
-#include <OpenSSL/x509err.h>
-#include <OpenSSL/x509v3.h>
-#include <OpenSSL/x509v3err.h>
-
diff --git a/support/visionos/OpenSSL.h b/support/visionos/OpenSSL.h
deleted file mode 100644
index eca45fdf..00000000
--- a/support/visionos/OpenSSL.h
+++ /dev/null
@@ -1,140 +0,0 @@
-// ls -1 ../../visionos/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
-// Include before others:
-#include <OpenSSL/ssl.h>
-
-#include <OpenSSL/ssl2.h>
-#include <OpenSSL/ssl3.h>
-#include <OpenSSL/sslerr.h>
-
-#include <OpenSSL/aes.h>
-#include <OpenSSL/asn1.h>
-// #include <OpenSSL/asn1_mac.h>
-#include <OpenSSL/asn1err.h>
-#include <OpenSSL/asn1t.h>
-#include <OpenSSL/async.h>
-#include <OpenSSL/asyncerr.h>
-#include <OpenSSL/bio.h>
-#include <OpenSSL/bioerr.h>
-#include <OpenSSL/blowfish.h>
-#include <OpenSSL/bn.h>
-#include <OpenSSL/bnerr.h>
-#include <OpenSSL/buffer.h>
-#include <OpenSSL/buffererr.h>
-#include <OpenSSL/camellia.h>
-#include <OpenSSL/cast.h>
-#include <OpenSSL/cmac.h>
-#include <OpenSSL/cmp.h>
-#include <OpenSSL/cmp_util.h>
-#include <OpenSSL/cmperr.h>
-#include <OpenSSL/cms.h>
-#include <OpenSSL/cmserr.h>
-#include <OpenSSL/comp.h>
-#include <OpenSSL/comperr.h>
-#include <OpenSSL/conf.h>
-#include <OpenSSL/conf_api.h>
-#include <OpenSSL/conferr.h>
-#include <OpenSSL/configuration.h>
-#include <OpenSSL/conftypes.h>
-#include <OpenSSL/core.h>
-#include <OpenSSL/core_dispatch.h>
-#include <OpenSSL/core_names.h>
-#include <OpenSSL/core_object.h>
-#include <OpenSSL/crmf.h>
-#include <OpenSSL/crmferr.h>
-#include <OpenSSL/crypto.h>
-#include <OpenSSL/cryptoerr.h>
-#include <OpenSSL/cryptoerr_legacy.h>
-#include <OpenSSL/ct.h>
-#include <OpenSSL/cterr.h>
-#include <OpenSSL/decoder.h>
-#include <OpenSSL/decodererr.h>
-#include <OpenSSL/des.h>
-#include <OpenSSL/dh.h>
-#include <OpenSSL/dherr.h>
-#include <OpenSSL/dsa.h>
-#include <OpenSSL/dsaerr.h>
-#include <OpenSSL/dtls1.h>
-#include <OpenSSL/e_os2.h>
-#include <OpenSSL/ebcdic.h>
-#include <OpenSSL/ec.h>
-#include <OpenSSL/ecdh.h>
-#include <OpenSSL/ecdsa.h>
-#include <OpenSSL/ecerr.h>
-#include <OpenSSL/encoder.h>
-#include <OpenSSL/encodererr.h>
-#include <OpenSSL/engine.h>
-#include <OpenSSL/engineerr.h>
-#include <OpenSSL/err.h>
-#include <OpenSSL/ess.h>
-#include <OpenSSL/esserr.h>
-#include <OpenSSL/evp.h>
-#include <OpenSSL/evperr.h>
-#include <OpenSSL/fips_names.h>
-#include <OpenSSL/fipskey.h>
-#include <OpenSSL/hmac.h>
-#include <OpenSSL/http.h>
-#include <OpenSSL/httperr.h>
-#include <OpenSSL/idea.h>
-#include <OpenSSL/kdf.h>
-#include <OpenSSL/kdferr.h>
-#include <OpenSSL/lhash.h>
-#include <OpenSSL/macros.h>
-#include <OpenSSL/md2.h>
-#include <OpenSSL/md4.h>
-#include <OpenSSL/md5.h>
-#include <OpenSSL/mdc2.h>
-#include <OpenSSL/modes.h>
-#include <OpenSSL/obj_mac.h>
-#include <OpenSSL/objects.h>
-#include <OpenSSL/objectserr.h>
-#include <OpenSSL/ocsp.h>
-#include <OpenSSL/ocsperr.h>
-#include <OpenSSL/opensslconf.h>
-#include <OpenSSL/opensslv.h>
-#include <OpenSSL/ossl_typ.h>
-#include <OpenSSL/param_build.h>
-#include <OpenSSL/params.h>
-#include <OpenSSL/pem.h>
-#include <OpenSSL/pem2.h>
-#include <OpenSSL/pemerr.h>
-#include <OpenSSL/pkcs12.h>
-#include <OpenSSL/pkcs12err.h>
-#include <OpenSSL/pkcs7.h>
-#include <OpenSSL/pkcs7err.h>
-#include <OpenSSL/prov_ssl.h>
-#include <OpenSSL/proverr.h>
-#include <OpenSSL/provider.h>
-#include <OpenSSL/rand.h>
-#include <OpenSSL/randerr.h>
-#include <OpenSSL/rc2.h>
-#include <OpenSSL/rc4.h>
-#include <OpenSSL/rc5.h>
-#include <OpenSSL/ripemd.h>
-#include <OpenSSL/rsa.h>
-#include <OpenSSL/rsaerr.h>
-#include <OpenSSL/safestack.h>
-#include <OpenSSL/seed.h>
-#include <OpenSSL/self_test.h>
-#include <OpenSSL/sha.h>
-#include <OpenSSL/shim.h>
-#include <OpenSSL/srp.h>
-#include <OpenSSL/srtp.h>
-#include <OpenSSL/sslerr_legacy.h>
-#include <OpenSSL/stack.h>
-#include <OpenSSL/store.h>
-#include <OpenSSL/storeerr.h>
-#include <OpenSSL/symhacks.h>
-#include <OpenSSL/tls1.h>
-#include <OpenSSL/trace.h>
-#include <OpenSSL/ts.h>
-#include <OpenSSL/tserr.h>
-#include <OpenSSL/txt_db.h>
-#include <OpenSSL/types.h>
-#include <OpenSSL/ui.h>
-#include <OpenSSL/uierr.h>
-#include <OpenSSL/whrlpool.h>
-#include <OpenSSL/x509.h>
-#include <OpenSSL/x509_vfy.h>
-#include <OpenSSL/x509err.h>
-#include <OpenSSL/x509v3.h>
-#include <OpenSSL/x509v3err.h>
diff --git a/support/visionsimulator/OpenSSL.h b/support/visionsimulator/OpenSSL.h
deleted file mode 100644
index 8c7875e8..00000000
--- a/support/visionsimulator/OpenSSL.h
+++ /dev/null
@@ -1,140 +0,0 @@
-// ls -1 ../../visionsimulator/include/openssl | sed 's/\(.*\)/\#include \<OpenSSL\/\1\>/'
-// Include before others:
-#include <OpenSSL/ssl.h>
-
-#include <OpenSSL/ssl2.h>
-#include <OpenSSL/ssl3.h>
-#include <OpenSSL/sslerr.h>
-
-#include <OpenSSL/aes.h>
-#include <OpenSSL/asn1.h>
-// #include <OpenSSL/asn1_mac.h>
-#include <OpenSSL/asn1err.h>
-#include <OpenSSL/asn1t.h>
-#include <OpenSSL/async.h>
-#include <OpenSSL/asyncerr.h>
-#include <OpenSSL/bio.h>
-#include <OpenSSL/bioerr.h>
-#include <OpenSSL/blowfish.h>
-#include <OpenSSL/bn.h>
-#include <OpenSSL/bnerr.h>
-#include <OpenSSL/buffer.h>
-#include <OpenSSL/buffererr.h>
-#include <OpenSSL/camellia.h>
-#include <OpenSSL/cast.h>
-#include <OpenSSL/cmac.h>
-#include <OpenSSL/cmp.h>
-#include <OpenSSL/cmp_util.h>
-#include <OpenSSL/cmperr.h>
-#include <OpenSSL/cms.h>
-#include <OpenSSL/cmserr.h>
-#include <OpenSSL/comp.h>
-#include <OpenSSL/comperr.h>
-#include <OpenSSL/conf.h>
-#include <OpenSSL/conf_api.h>
-#include <OpenSSL/conferr.h>
-#include <OpenSSL/configuration.h>
-#include <OpenSSL/conftypes.h>
-#include <OpenSSL/core.h>
-#include <OpenSSL/core_dispatch.h>
-#include <OpenSSL/core_names.h>
-#include <OpenSSL/core_object.h>
-#include <OpenSSL/crmf.h>
-#include <OpenSSL/crmferr.h>
-#include <OpenSSL/crypto.h>
-#include <OpenSSL/cryptoerr.h>
-#include <OpenSSL/cryptoerr_legacy.h>
-#include <OpenSSL/ct.h>
-#include <OpenSSL/cterr.h>
-#include <OpenSSL/decoder.h>
-#include <OpenSSL/decodererr.h>
-#include <OpenSSL/des.h>
-#include <OpenSSL/dh.h>
-#include <OpenSSL/dherr.h>
-#include <OpenSSL/dsa.h>
-#include <OpenSSL/dsaerr.h>
-#include <OpenSSL/dtls1.h>
-#include <OpenSSL/e_os2.h>
-#include <OpenSSL/ebcdic.h>
-#include <OpenSSL/ec.h>
-#include <OpenSSL/ecdh.h>
-#include <OpenSSL/ecdsa.h>
-#include <OpenSSL/ecerr.h>
-#include <OpenSSL/encoder.h>
-#include <OpenSSL/encodererr.h>
-#include <OpenSSL/engine.h>
-#include <OpenSSL/engineerr.h>
-#include <OpenSSL/err.h>
-#include <OpenSSL/ess.h>
-#include <OpenSSL/esserr.h>
-#include <OpenSSL/evp.h>
-#include <OpenSSL/evperr.h>
-#include <OpenSSL/fips_names.h>
-#include <OpenSSL/fipskey.h>
-#include <OpenSSL/hmac.h>
-#include <OpenSSL/http.h>
-#include <OpenSSL/httperr.h>
-#include <OpenSSL/idea.h>
-#include <OpenSSL/kdf.h>
-#include <OpenSSL/kdferr.h>
-#include <OpenSSL/lhash.h>
-#include <OpenSSL/macros.h>
-#include <OpenSSL/md2.h>
-#include <OpenSSL/md4.h>
-#include <OpenSSL/md5.h>
-#include <OpenSSL/mdc2.h>
-#include <OpenSSL/modes.h>
-#include <OpenSSL/obj_mac.h>
-#include <OpenSSL/objects.h>
-#include <OpenSSL/objectserr.h>
-#include <OpenSSL/ocsp.h>
-#include <OpenSSL/ocsperr.h>
-#include <OpenSSL/opensslconf.h>
-#include <OpenSSL/opensslv.h>
-#include <OpenSSL/ossl_typ.h>
-#include <OpenSSL/param_build.h>
-#include <OpenSSL/params.h>
-#include <OpenSSL/pem.h>
-#include <OpenSSL/pem2.h>
-#include <OpenSSL/pemerr.h>
-#include <OpenSSL/pkcs12.h>
-#include <OpenSSL/pkcs12err.h>
-#include <OpenSSL/pkcs7.h>
-#include <OpenSSL/pkcs7err.h>
-#include <OpenSSL/prov_ssl.h>
-#include <OpenSSL/proverr.h>
-#include <OpenSSL/provider.h>
-#include <OpenSSL/rand.h>
-#include <OpenSSL/randerr.h>
-#include <OpenSSL/rc2.h>
-#include <OpenSSL/rc4.h>
-#include <OpenSSL/rc5.h>
-#include <OpenSSL/ripemd.h>
-#include <OpenSSL/rsa.h>
-#include <OpenSSL/rsaerr.h>
-#include <OpenSSL/safestack.h>
-#include <OpenSSL/seed.h>
-#include <OpenSSL/self_test.h>
-#include <OpenSSL/sha.h>
-#include <OpenSSL/shim.h>
-#include <OpenSSL/srp.h>
-#include <OpenSSL/srtp.h>
-#include <OpenSSL/sslerr_legacy.h>
-#include <OpenSSL/stack.h>
-#include <OpenSSL/store.h>
-#include <OpenSSL/storeerr.h>
-#include <OpenSSL/symhacks.h>
-#include <OpenSSL/tls1.h>
-#include <OpenSSL/trace.h>
-#include <OpenSSL/ts.h>
-#include <OpenSSL/tserr.h>
-#include <OpenSSL/txt_db.h>
-#include <OpenSSL/types.h>
-#include <OpenSSL/ui.h>
-#include <OpenSSL/uierr.h>
-#include <OpenSSL/whrlpool.h>
-#include <OpenSSL/x509.h>
-#include <OpenSSL/x509_vfy.h>
-#include <OpenSSL/x509err.h>
-#include <OpenSSL/x509v3.h>
-#include <OpenSSL/x509v3err.h>
diff --git a/visionos/include/OpenSSL/asn1.h b/visionos/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/visionos/include/OpenSSL/asn1.h
+++ b/visionos/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/visionos/include/OpenSSL/async.h b/visionos/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/visionos/include/OpenSSL/async.h
+++ b/visionos/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/visionos/include/OpenSSL/bio.h b/visionos/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/visionos/include/OpenSSL/bio.h
+++ b/visionos/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/visionos/include/OpenSSL/bioerr.h b/visionos/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/visionos/include/OpenSSL/bioerr.h
+++ b/visionos/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/visionos/include/OpenSSL/bn.h b/visionos/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/visionos/include/OpenSSL/bn.h
+++ b/visionos/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/visionos/include/OpenSSL/cmp.h b/visionos/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/visionos/include/OpenSSL/cmp.h
+++ b/visionos/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/visionos/include/OpenSSL/cmperr.h b/visionos/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/visionos/include/OpenSSL/cmperr.h
+++ b/visionos/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/visionos/include/OpenSSL/cms.h b/visionos/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/visionos/include/OpenSSL/cms.h
+++ b/visionos/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/visionos/include/OpenSSL/cmserr.h b/visionos/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/visionos/include/OpenSSL/cmserr.h
+++ b/visionos/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/visionos/include/OpenSSL/comp.h b/visionos/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/visionos/include/OpenSSL/comp.h
+++ b/visionos/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/visionos/include/OpenSSL/comperr.h b/visionos/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/visionos/include/OpenSSL/comperr.h
+++ b/visionos/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/visionos/include/OpenSSL/conf.h b/visionos/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/visionos/include/OpenSSL/conf.h
+++ b/visionos/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionos/include/OpenSSL/configuration.h b/visionos/include/OpenSSL/configuration.h
index 8f739d6b..c29c8891 100644
--- a/visionos/include/OpenSSL/configuration.h
+++ b/visionos/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_XROS
 #  define OPENSSL_SYS_XROS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionos/include/OpenSSL/core.h b/visionos/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/visionos/include/OpenSSL/core.h
+++ b/visionos/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/visionos/include/OpenSSL/core_dispatch.h b/visionos/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/visionos/include/OpenSSL/core_dispatch.h
+++ b/visionos/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/visionos/include/OpenSSL/core_names.h b/visionos/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/visionos/include/OpenSSL/core_names.h
+++ b/visionos/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/visionos/include/OpenSSL/crmf.h b/visionos/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/visionos/include/OpenSSL/crmf.h
+++ b/visionos/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/visionos/include/OpenSSL/crypto.h b/visionos/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/visionos/include/OpenSSL/crypto.h
+++ b/visionos/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionos/include/OpenSSL/ct.h b/visionos/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/visionos/include/OpenSSL/ct.h
+++ b/visionos/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/visionos/include/OpenSSL/dherr.h b/visionos/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/visionos/include/OpenSSL/dherr.h
+++ b/visionos/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/visionos/include/OpenSSL/dsa.h b/visionos/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/visionos/include/OpenSSL/dsa.h
+++ b/visionos/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionos/include/OpenSSL/e_os2.h b/visionos/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/visionos/include/OpenSSL/e_os2.h
+++ b/visionos/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/visionos/include/OpenSSL/e_ostime.h b/visionos/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/visionos/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/visionos/include/OpenSSL/ec.h b/visionos/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/visionos/include/OpenSSL/ec.h
+++ b/visionos/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/visionos/include/OpenSSL/err.h b/visionos/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/visionos/include/OpenSSL/err.h
+++ b/visionos/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/visionos/include/OpenSSL/evp.h b/visionos/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/visionos/include/OpenSSL/evp.h
+++ b/visionos/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/visionos/include/OpenSSL/evperr.h b/visionos/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/visionos/include/OpenSSL/evperr.h
+++ b/visionos/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/visionos/include/OpenSSL/hpke.h b/visionos/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/visionos/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/visionos/include/OpenSSL/http.h b/visionos/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/visionos/include/OpenSSL/http.h
+++ b/visionos/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionos/include/OpenSSL/lhash.h b/visionos/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/visionos/include/OpenSSL/lhash.h
+++ b/visionos/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionos/include/OpenSSL/macros.h b/visionos/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/visionos/include/OpenSSL/macros.h
+++ b/visionos/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/visionos/include/OpenSSL/obj_mac.h b/visionos/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/visionos/include/OpenSSL/obj_mac.h
+++ b/visionos/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/visionos/include/OpenSSL/opensslv.h b/visionos/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/visionos/include/OpenSSL/opensslv.h
+++ b/visionos/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/visionos/include/OpenSSL/pem.h b/visionos/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/visionos/include/OpenSSL/pem.h
+++ b/visionos/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/visionos/include/OpenSSL/pkcs12.h b/visionos/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/visionos/include/OpenSSL/pkcs12.h
+++ b/visionos/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/visionos/include/OpenSSL/pkcs12err.h b/visionos/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/visionos/include/OpenSSL/pkcs12err.h
+++ b/visionos/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/visionos/include/OpenSSL/pkcs7.h b/visionos/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/visionos/include/OpenSSL/pkcs7.h
+++ b/visionos/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/visionos/include/OpenSSL/prov_ssl.h b/visionos/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/visionos/include/OpenSSL/prov_ssl.h
+++ b/visionos/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/visionos/include/OpenSSL/proverr.h b/visionos/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/visionos/include/OpenSSL/proverr.h
+++ b/visionos/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/visionos/include/OpenSSL/provider.h b/visionos/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/visionos/include/OpenSSL/provider.h
+++ b/visionos/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/visionos/include/OpenSSL/quic.h b/visionos/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/visionos/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/visionos/include/OpenSSL/rand.h b/visionos/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/visionos/include/OpenSSL/rand.h
+++ b/visionos/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionos/include/OpenSSL/rsa.h b/visionos/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/visionos/include/OpenSSL/rsa.h
+++ b/visionos/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/visionos/include/OpenSSL/sha.h b/visionos/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/visionos/include/OpenSSL/sha.h
+++ b/visionos/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/visionos/include/OpenSSL/srtp.h b/visionos/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/visionos/include/OpenSSL/srtp.h
+++ b/visionos/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/visionos/include/OpenSSL/ssl.h b/visionos/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/visionos/include/OpenSSL/ssl.h
+++ b/visionos/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionos/include/OpenSSL/ssl3.h b/visionos/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/visionos/include/OpenSSL/ssl3.h
+++ b/visionos/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/visionos/include/OpenSSL/sslerr.h b/visionos/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/visionos/include/OpenSSL/sslerr.h
+++ b/visionos/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/visionos/include/OpenSSL/store.h b/visionos/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/visionos/include/OpenSSL/store.h
+++ b/visionos/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/visionos/include/OpenSSL/thread.h b/visionos/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/visionos/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/visionos/include/OpenSSL/tls1.h b/visionos/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/visionos/include/OpenSSL/tls1.h
+++ b/visionos/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/visionos/include/OpenSSL/trace.h b/visionos/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/visionos/include/OpenSSL/trace.h
+++ b/visionos/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionos/include/OpenSSL/ts.h b/visionos/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/visionos/include/OpenSSL/ts.h
+++ b/visionos/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionos/include/OpenSSL/types.h b/visionos/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/visionos/include/OpenSSL/types.h
+++ b/visionos/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionos/include/OpenSSL/x509.h b/visionos/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/visionos/include/OpenSSL/x509.h
+++ b/visionos/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/visionos/include/OpenSSL/x509_vfy.h b/visionos/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/visionos/include/OpenSSL/x509_vfy.h
+++ b/visionos/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/visionos/include/OpenSSL/x509err.h b/visionos/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/visionos/include/OpenSSL/x509err.h
+++ b/visionos/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionos/include/OpenSSL/x509v3.h b/visionos/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/visionos/include/OpenSSL/x509v3.h
+++ b/visionos/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/visionos/include/OpenSSL/x509v3err.h b/visionos/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/visionos/include/OpenSSL/x509v3err.h
+++ b/visionos/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/visionos/lib/libcrypto.a b/visionos/lib/libcrypto.a
index a33a38d1..3079aee1 100644
Binary files a/visionos/lib/libcrypto.a and b/visionos/lib/libcrypto.a differ
diff --git a/visionos/lib/libssl.a b/visionos/lib/libssl.a
index a396cf1f..4287d754 100644
Binary files a/visionos/lib/libssl.a and b/visionos/lib/libssl.a differ
diff --git a/visionsimulator/include/OpenSSL/asn1.h b/visionsimulator/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/visionsimulator/include/OpenSSL/asn1.h
+++ b/visionsimulator/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/visionsimulator/include/OpenSSL/async.h b/visionsimulator/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/visionsimulator/include/OpenSSL/async.h
+++ b/visionsimulator/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/visionsimulator/include/OpenSSL/bio.h b/visionsimulator/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/visionsimulator/include/OpenSSL/bio.h
+++ b/visionsimulator/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/visionsimulator/include/OpenSSL/bioerr.h b/visionsimulator/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/visionsimulator/include/OpenSSL/bioerr.h
+++ b/visionsimulator/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/visionsimulator/include/OpenSSL/bn.h b/visionsimulator/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/visionsimulator/include/OpenSSL/bn.h
+++ b/visionsimulator/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/visionsimulator/include/OpenSSL/cmp.h b/visionsimulator/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/visionsimulator/include/OpenSSL/cmp.h
+++ b/visionsimulator/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/visionsimulator/include/OpenSSL/cmperr.h b/visionsimulator/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/visionsimulator/include/OpenSSL/cmperr.h
+++ b/visionsimulator/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/visionsimulator/include/OpenSSL/cms.h b/visionsimulator/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/visionsimulator/include/OpenSSL/cms.h
+++ b/visionsimulator/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/visionsimulator/include/OpenSSL/cmserr.h b/visionsimulator/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/visionsimulator/include/OpenSSL/cmserr.h
+++ b/visionsimulator/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/visionsimulator/include/OpenSSL/comp.h b/visionsimulator/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/visionsimulator/include/OpenSSL/comp.h
+++ b/visionsimulator/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/visionsimulator/include/OpenSSL/comperr.h b/visionsimulator/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/visionsimulator/include/OpenSSL/comperr.h
+++ b/visionsimulator/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/visionsimulator/include/OpenSSL/conf.h b/visionsimulator/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/visionsimulator/include/OpenSSL/conf.h
+++ b/visionsimulator/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionsimulator/include/OpenSSL/configuration.h b/visionsimulator/include/OpenSSL/configuration.h
index 8f739d6b..c29c8891 100644
--- a/visionsimulator/include/OpenSSL/configuration.h
+++ b/visionsimulator/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_XROS
 #  define OPENSSL_SYS_XROS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -112,6 +118,9 @@ extern "C" {
 # ifndef OPENSSL_NO_SSL3_METHOD
 #  define OPENSSL_NO_SSL3_METHOD
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -127,6 +136,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -148,6 +172,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionsimulator/include/OpenSSL/core.h b/visionsimulator/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/visionsimulator/include/OpenSSL/core.h
+++ b/visionsimulator/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/visionsimulator/include/OpenSSL/core_dispatch.h b/visionsimulator/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/visionsimulator/include/OpenSSL/core_dispatch.h
+++ b/visionsimulator/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/visionsimulator/include/OpenSSL/core_names.h b/visionsimulator/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/visionsimulator/include/OpenSSL/core_names.h
+++ b/visionsimulator/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/visionsimulator/include/OpenSSL/crmf.h b/visionsimulator/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/visionsimulator/include/OpenSSL/crmf.h
+++ b/visionsimulator/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/visionsimulator/include/OpenSSL/crypto.h b/visionsimulator/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/visionsimulator/include/OpenSSL/crypto.h
+++ b/visionsimulator/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionsimulator/include/OpenSSL/ct.h b/visionsimulator/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/visionsimulator/include/OpenSSL/ct.h
+++ b/visionsimulator/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/visionsimulator/include/OpenSSL/dherr.h b/visionsimulator/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/visionsimulator/include/OpenSSL/dherr.h
+++ b/visionsimulator/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/visionsimulator/include/OpenSSL/dsa.h b/visionsimulator/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/visionsimulator/include/OpenSSL/dsa.h
+++ b/visionsimulator/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionsimulator/include/OpenSSL/e_os2.h b/visionsimulator/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/visionsimulator/include/OpenSSL/e_os2.h
+++ b/visionsimulator/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/visionsimulator/include/OpenSSL/e_ostime.h b/visionsimulator/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/visionsimulator/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/visionsimulator/include/OpenSSL/ec.h b/visionsimulator/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/visionsimulator/include/OpenSSL/ec.h
+++ b/visionsimulator/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/visionsimulator/include/OpenSSL/err.h b/visionsimulator/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/visionsimulator/include/OpenSSL/err.h
+++ b/visionsimulator/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/visionsimulator/include/OpenSSL/evp.h b/visionsimulator/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/visionsimulator/include/OpenSSL/evp.h
+++ b/visionsimulator/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/visionsimulator/include/OpenSSL/evperr.h b/visionsimulator/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/visionsimulator/include/OpenSSL/evperr.h
+++ b/visionsimulator/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/visionsimulator/include/OpenSSL/hpke.h b/visionsimulator/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/visionsimulator/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/visionsimulator/include/OpenSSL/http.h b/visionsimulator/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/visionsimulator/include/OpenSSL/http.h
+++ b/visionsimulator/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionsimulator/include/OpenSSL/lhash.h b/visionsimulator/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/visionsimulator/include/OpenSSL/lhash.h
+++ b/visionsimulator/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionsimulator/include/OpenSSL/macros.h b/visionsimulator/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/visionsimulator/include/OpenSSL/macros.h
+++ b/visionsimulator/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/visionsimulator/include/OpenSSL/obj_mac.h b/visionsimulator/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/visionsimulator/include/OpenSSL/obj_mac.h
+++ b/visionsimulator/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/visionsimulator/include/OpenSSL/opensslv.h b/visionsimulator/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/visionsimulator/include/OpenSSL/opensslv.h
+++ b/visionsimulator/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/visionsimulator/include/OpenSSL/pem.h b/visionsimulator/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/visionsimulator/include/OpenSSL/pem.h
+++ b/visionsimulator/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/visionsimulator/include/OpenSSL/pkcs12.h b/visionsimulator/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/visionsimulator/include/OpenSSL/pkcs12.h
+++ b/visionsimulator/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/visionsimulator/include/OpenSSL/pkcs12err.h b/visionsimulator/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/visionsimulator/include/OpenSSL/pkcs12err.h
+++ b/visionsimulator/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/visionsimulator/include/OpenSSL/pkcs7.h b/visionsimulator/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/visionsimulator/include/OpenSSL/pkcs7.h
+++ b/visionsimulator/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/visionsimulator/include/OpenSSL/prov_ssl.h b/visionsimulator/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/visionsimulator/include/OpenSSL/prov_ssl.h
+++ b/visionsimulator/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/visionsimulator/include/OpenSSL/proverr.h b/visionsimulator/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/visionsimulator/include/OpenSSL/proverr.h
+++ b/visionsimulator/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/visionsimulator/include/OpenSSL/provider.h b/visionsimulator/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/visionsimulator/include/OpenSSL/provider.h
+++ b/visionsimulator/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/visionsimulator/include/OpenSSL/quic.h b/visionsimulator/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/visionsimulator/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/visionsimulator/include/OpenSSL/rand.h b/visionsimulator/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/visionsimulator/include/OpenSSL/rand.h
+++ b/visionsimulator/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionsimulator/include/OpenSSL/rsa.h b/visionsimulator/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/visionsimulator/include/OpenSSL/rsa.h
+++ b/visionsimulator/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/visionsimulator/include/OpenSSL/sha.h b/visionsimulator/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/visionsimulator/include/OpenSSL/sha.h
+++ b/visionsimulator/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/visionsimulator/include/OpenSSL/srtp.h b/visionsimulator/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/visionsimulator/include/OpenSSL/srtp.h
+++ b/visionsimulator/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/visionsimulator/include/OpenSSL/ssl.h b/visionsimulator/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/visionsimulator/include/OpenSSL/ssl.h
+++ b/visionsimulator/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionsimulator/include/OpenSSL/ssl3.h b/visionsimulator/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/visionsimulator/include/OpenSSL/ssl3.h
+++ b/visionsimulator/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/visionsimulator/include/OpenSSL/sslerr.h b/visionsimulator/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/visionsimulator/include/OpenSSL/sslerr.h
+++ b/visionsimulator/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/visionsimulator/include/OpenSSL/store.h b/visionsimulator/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/visionsimulator/include/OpenSSL/store.h
+++ b/visionsimulator/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/visionsimulator/include/OpenSSL/thread.h b/visionsimulator/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/visionsimulator/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/visionsimulator/include/OpenSSL/tls1.h b/visionsimulator/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/visionsimulator/include/OpenSSL/tls1.h
+++ b/visionsimulator/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/visionsimulator/include/OpenSSL/trace.h b/visionsimulator/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/visionsimulator/include/OpenSSL/trace.h
+++ b/visionsimulator/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/visionsimulator/include/OpenSSL/ts.h b/visionsimulator/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/visionsimulator/include/OpenSSL/ts.h
+++ b/visionsimulator/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionsimulator/include/OpenSSL/types.h b/visionsimulator/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/visionsimulator/include/OpenSSL/types.h
+++ b/visionsimulator/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionsimulator/include/OpenSSL/x509.h b/visionsimulator/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/visionsimulator/include/OpenSSL/x509.h
+++ b/visionsimulator/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/visionsimulator/include/OpenSSL/x509_vfy.h b/visionsimulator/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/visionsimulator/include/OpenSSL/x509_vfy.h
+++ b/visionsimulator/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/visionsimulator/include/OpenSSL/x509err.h b/visionsimulator/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/visionsimulator/include/OpenSSL/x509err.h
+++ b/visionsimulator/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/visionsimulator/include/OpenSSL/x509v3.h b/visionsimulator/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/visionsimulator/include/OpenSSL/x509v3.h
+++ b/visionsimulator/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/visionsimulator/include/OpenSSL/x509v3err.h b/visionsimulator/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/visionsimulator/include/OpenSSL/x509v3err.h
+++ b/visionsimulator/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/visionsimulator/lib/libcrypto.a b/visionsimulator/lib/libcrypto.a
index 585f6eef..9763b6e0 100644
Binary files a/visionsimulator/lib/libcrypto.a and b/visionsimulator/lib/libcrypto.a differ
diff --git a/visionsimulator/lib/libssl.a b/visionsimulator/lib/libssl.a
index f8324670..98882f2e 100644
Binary files a/visionsimulator/lib/libssl.a and b/visionsimulator/lib/libssl.a differ
diff --git a/watchos/include/OpenSSL/asn1.h b/watchos/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/watchos/include/OpenSSL/asn1.h
+++ b/watchos/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/watchos/include/OpenSSL/async.h b/watchos/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/watchos/include/OpenSSL/async.h
+++ b/watchos/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/watchos/include/OpenSSL/bio.h b/watchos/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/watchos/include/OpenSSL/bio.h
+++ b/watchos/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/watchos/include/OpenSSL/bioerr.h b/watchos/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/watchos/include/OpenSSL/bioerr.h
+++ b/watchos/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/watchos/include/OpenSSL/bn.h b/watchos/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/watchos/include/OpenSSL/bn.h
+++ b/watchos/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/watchos/include/OpenSSL/cmp.h b/watchos/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/watchos/include/OpenSSL/cmp.h
+++ b/watchos/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/watchos/include/OpenSSL/cmperr.h b/watchos/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/watchos/include/OpenSSL/cmperr.h
+++ b/watchos/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/watchos/include/OpenSSL/cms.h b/watchos/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/watchos/include/OpenSSL/cms.h
+++ b/watchos/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/watchos/include/OpenSSL/cmserr.h b/watchos/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/watchos/include/OpenSSL/cmserr.h
+++ b/watchos/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/watchos/include/OpenSSL/comp.h b/watchos/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/watchos/include/OpenSSL/comp.h
+++ b/watchos/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/watchos/include/OpenSSL/comperr.h b/watchos/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/watchos/include/OpenSSL/comperr.h
+++ b/watchos/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/watchos/include/OpenSSL/conf.h b/watchos/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/watchos/include/OpenSSL/conf.h
+++ b/watchos/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchos/include/OpenSSL/configuration.h b/watchos/include/OpenSSL/configuration.h
index 4f3c8050..2e2e7246 100644
--- a/watchos/include/OpenSSL/configuration.h
+++ b/watchos/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_watchOS
 #  define OPENSSL_SYS_watchOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchos/include/OpenSSL/core.h b/watchos/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/watchos/include/OpenSSL/core.h
+++ b/watchos/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/watchos/include/OpenSSL/core_dispatch.h b/watchos/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/watchos/include/OpenSSL/core_dispatch.h
+++ b/watchos/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/watchos/include/OpenSSL/core_names.h b/watchos/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/watchos/include/OpenSSL/core_names.h
+++ b/watchos/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/watchos/include/OpenSSL/crmf.h b/watchos/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/watchos/include/OpenSSL/crmf.h
+++ b/watchos/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/watchos/include/OpenSSL/crypto.h b/watchos/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/watchos/include/OpenSSL/crypto.h
+++ b/watchos/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchos/include/OpenSSL/ct.h b/watchos/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/watchos/include/OpenSSL/ct.h
+++ b/watchos/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/watchos/include/OpenSSL/dherr.h b/watchos/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/watchos/include/OpenSSL/dherr.h
+++ b/watchos/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/watchos/include/OpenSSL/dsa.h b/watchos/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/watchos/include/OpenSSL/dsa.h
+++ b/watchos/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchos/include/OpenSSL/e_os2.h b/watchos/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/watchos/include/OpenSSL/e_os2.h
+++ b/watchos/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/watchos/include/OpenSSL/e_ostime.h b/watchos/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/watchos/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/watchos/include/OpenSSL/ec.h b/watchos/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/watchos/include/OpenSSL/ec.h
+++ b/watchos/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/watchos/include/OpenSSL/err.h b/watchos/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/watchos/include/OpenSSL/err.h
+++ b/watchos/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/watchos/include/OpenSSL/evp.h b/watchos/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/watchos/include/OpenSSL/evp.h
+++ b/watchos/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/watchos/include/OpenSSL/evperr.h b/watchos/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/watchos/include/OpenSSL/evperr.h
+++ b/watchos/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/watchos/include/OpenSSL/hpke.h b/watchos/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/watchos/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/watchos/include/OpenSSL/http.h b/watchos/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/watchos/include/OpenSSL/http.h
+++ b/watchos/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchos/include/OpenSSL/lhash.h b/watchos/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/watchos/include/OpenSSL/lhash.h
+++ b/watchos/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchos/include/OpenSSL/macros.h b/watchos/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/watchos/include/OpenSSL/macros.h
+++ b/watchos/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/watchos/include/OpenSSL/obj_mac.h b/watchos/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/watchos/include/OpenSSL/obj_mac.h
+++ b/watchos/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/watchos/include/OpenSSL/opensslv.h b/watchos/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/watchos/include/OpenSSL/opensslv.h
+++ b/watchos/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/watchos/include/OpenSSL/pem.h b/watchos/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/watchos/include/OpenSSL/pem.h
+++ b/watchos/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/watchos/include/OpenSSL/pkcs12.h b/watchos/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/watchos/include/OpenSSL/pkcs12.h
+++ b/watchos/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/watchos/include/OpenSSL/pkcs12err.h b/watchos/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/watchos/include/OpenSSL/pkcs12err.h
+++ b/watchos/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/watchos/include/OpenSSL/pkcs7.h b/watchos/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/watchos/include/OpenSSL/pkcs7.h
+++ b/watchos/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/watchos/include/OpenSSL/prov_ssl.h b/watchos/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/watchos/include/OpenSSL/prov_ssl.h
+++ b/watchos/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/watchos/include/OpenSSL/proverr.h b/watchos/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/watchos/include/OpenSSL/proverr.h
+++ b/watchos/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/watchos/include/OpenSSL/provider.h b/watchos/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/watchos/include/OpenSSL/provider.h
+++ b/watchos/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/watchos/include/OpenSSL/quic.h b/watchos/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/watchos/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/watchos/include/OpenSSL/rand.h b/watchos/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/watchos/include/OpenSSL/rand.h
+++ b/watchos/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchos/include/OpenSSL/rsa.h b/watchos/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/watchos/include/OpenSSL/rsa.h
+++ b/watchos/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/watchos/include/OpenSSL/sha.h b/watchos/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/watchos/include/OpenSSL/sha.h
+++ b/watchos/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/watchos/include/OpenSSL/srtp.h b/watchos/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/watchos/include/OpenSSL/srtp.h
+++ b/watchos/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/watchos/include/OpenSSL/ssl.h b/watchos/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/watchos/include/OpenSSL/ssl.h
+++ b/watchos/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchos/include/OpenSSL/ssl3.h b/watchos/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/watchos/include/OpenSSL/ssl3.h
+++ b/watchos/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/watchos/include/OpenSSL/sslerr.h b/watchos/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/watchos/include/OpenSSL/sslerr.h
+++ b/watchos/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/watchos/include/OpenSSL/store.h b/watchos/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/watchos/include/OpenSSL/store.h
+++ b/watchos/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/watchos/include/OpenSSL/thread.h b/watchos/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/watchos/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/watchos/include/OpenSSL/tls1.h b/watchos/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/watchos/include/OpenSSL/tls1.h
+++ b/watchos/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/watchos/include/OpenSSL/trace.h b/watchos/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/watchos/include/OpenSSL/trace.h
+++ b/watchos/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchos/include/OpenSSL/ts.h b/watchos/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/watchos/include/OpenSSL/ts.h
+++ b/watchos/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchos/include/OpenSSL/types.h b/watchos/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/watchos/include/OpenSSL/types.h
+++ b/watchos/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchos/include/OpenSSL/x509.h b/watchos/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/watchos/include/OpenSSL/x509.h
+++ b/watchos/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/watchos/include/OpenSSL/x509_vfy.h b/watchos/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/watchos/include/OpenSSL/x509_vfy.h
+++ b/watchos/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/watchos/include/OpenSSL/x509err.h b/watchos/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/watchos/include/OpenSSL/x509err.h
+++ b/watchos/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchos/include/OpenSSL/x509v3.h b/watchos/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/watchos/include/OpenSSL/x509v3.h
+++ b/watchos/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/watchos/include/OpenSSL/x509v3err.h b/watchos/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/watchos/include/OpenSSL/x509v3err.h
+++ b/watchos/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/watchos/lib/libcrypto.a b/watchos/lib/libcrypto.a
index 11f9ba34..a6313840 100644
Binary files a/watchos/lib/libcrypto.a and b/watchos/lib/libcrypto.a differ
diff --git a/watchos/lib/libssl.a b/watchos/lib/libssl.a
index 06967401..f176a47f 100644
Binary files a/watchos/lib/libssl.a and b/watchos/lib/libssl.a differ
diff --git a/watchsimulator/include/OpenSSL/asn1.h b/watchsimulator/include/OpenSSL/asn1.h
index 537cce54..ed442559 100644
--- a/watchsimulator/include/OpenSSL/asn1.h
+++ b/watchsimulator/include/OpenSSL/asn1.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/asn1.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR)
 
 
 
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
  * holder for the location where indefinite length constructed data should be
@@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len);
 
 void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq);
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                             ASN1_OCTET_STRING **oct);
diff --git a/watchsimulator/include/OpenSSL/async.h b/watchsimulator/include/OpenSSL/async.h
index b1d3f3c5..50877f4f 100644
--- a/watchsimulator/include/OpenSSL/async.h
+++ b/watchsimulator/include/OpenSSL/async.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
 
 int ASYNC_is_capable(void);
 
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+                            ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+                             ASYNC_stack_free_fn *free_fn);
+
 int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
                     int (*func)(void *), void *args, size_t size);
 int ASYNC_pause_job(void);
diff --git a/watchsimulator/include/OpenSSL/bio.h b/watchsimulator/include/OpenSSL/bio.h
index a6b5a123..377fd310 100644
--- a/watchsimulator/include/OpenSSL/bio.h
+++ b/watchsimulator/include/OpenSSL/bio.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/bio.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,8 @@ extern "C" {
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
 # define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_PAIR     (26|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_DGRAM_MEM      (27|BIO_TYPE_SOURCE_SINK)
 
 #define BIO_TYPE_START           128
 
@@ -171,6 +173,30 @@ extern "C" {
 # define BIO_CTRL_SET_INDENT                    80
 # define BIO_CTRL_GET_INDENT                    81
 
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP      82
+# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE   83
+# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE   84
+# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS      85
+# define BIO_CTRL_DGRAM_GET_CAPS                86
+# define BIO_CTRL_DGRAM_SET_CAPS                87
+# define BIO_CTRL_DGRAM_GET_NO_TRUNC            88
+# define BIO_CTRL_DGRAM_SET_NO_TRUNC            89
+
+/*
+ * internal BIO:
+ * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+ */
+
+# define BIO_CTRL_GET_RPOLL_DESCRIPTOR          91
+# define BIO_CTRL_GET_WPOLL_DESCRIPTOR          92
+# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR        93
+
+# define BIO_DGRAM_CAP_NONE                 0U
+# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR     (1U << 0)
+# define BIO_DGRAM_CAP_HANDLES_DST_ADDR     (1U << 1)
+# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR    (1U << 2)
+# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR    (1U << 3)
+
 # ifndef OPENSSL_NO_KTLS
 #  define BIO_get_ktls_send(b)         \
      (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
@@ -208,7 +234,7 @@ extern "C" {
 # define BIO_FLAGS_NONCLEAR_RST  0x400
 # define BIO_FLAGS_IN_EOF        0x800
 
-/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
@@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_RR_ACCEPT                   0x03
 
 /* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
+# define BIO_CB_FREE        0x01
+# define BIO_CB_READ        0x02
+# define BIO_CB_WRITE       0x03
+# define BIO_CB_PUTS        0x04
+# define BIO_CB_GETS        0x05
+# define BIO_CB_CTRL        0x06
+# define BIO_CB_RECVMMSG    0x07
+# define BIO_CB_SENDMMSG    0x08
 
 /*
  * The callback is called before and after the underling operation, The
@@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
+/* BIO_sendmmsg/BIO_recvmmsg-related definitions */
+typedef struct bio_msg_st {
+    void *data;
+    size_t data_len;
+    BIO_ADDR *peer, *local;
+    uint64_t flags;
+} BIO_MSG;
+
+typedef struct bio_mmsg_cb_args_st {
+    BIO_MSG    *msg;
+    size_t      stride, num_msg;
+    uint64_t    flags;
+    size_t     *msgs_processed;
+} BIO_MMSG_CB_ARGS;
+
+#define BIO_POLL_DESCRIPTOR_TYPE_NONE       0
+#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD    1
+#define BIO_POLL_DESCRIPTOR_CUSTOM_START    8192
+
+typedef struct bio_poll_descriptor_st {
+    uint32_t type;
+    union {
+        int         fd;
+        void        *custom;
+        uintptr_t   custom_ui;
+    } value;
+} BIO_POLL_DESCRIPTOR;
+
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo {
 
 # define BIO_C_SET_CONNECT_MODE                  155
 
+# define BIO_C_SET_TFO                           156 /* like BIO_C_SET_NBIO */
+
+# define BIO_C_SET_SOCK_TYPE                     157
+# define BIO_C_GET_SOCK_TYPE                     158
+# define BIO_C_GET_DGRAM_BIO                     159
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)               BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_tfo(b,n)                BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL)
 
 # ifndef OPENSSL_NO_SOCK
 /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
@@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
 #  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_get_conn_mode(b)          BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+#  define BIO_set_sock_type(b,t)        BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL)
+#  define BIO_get_sock_type(b)          BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL)
+#  define BIO_get0_dgram_bio(b, p)      BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p))
 
 /* BIO_s_accept() */
 #  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
@@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo {
                                                  (char *)(bio))
 #  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
 #  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+#  define BIO_set_tfo_accept(b,n)       BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL)
 
 /* Aliases kept for backward compatibility */
 #  define BIO_BIND_NORMAL                 0
@@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_detect_peer_addr(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+# define BIO_dgram_get_local_addr_cap(b) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL)
+# define BIO_dgram_get_local_addr_enable(b, penable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable))
+# define BIO_dgram_set_local_addr_enable(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL)
+# define BIO_dgram_get_effective_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL)
+# define BIO_dgram_get_caps(b) \
+         (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL)
+# define BIO_dgram_set_caps(b, caps) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL)
+# define BIO_dgram_get_no_trunc(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL)
+# define BIO_dgram_set_no_trunc(b, enable) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL)
+# define BIO_dgram_get_mtu(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL)
+# define BIO_dgram_set_mtu(b, mtu) \
+         (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL)
 
 /* ctrl macros for BIO_f_prefix */
 # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p))
@@ -640,10 +730,18 @@ void BIO_vfree(BIO *a);
 int BIO_up_ref(BIO *a);
 int BIO_read(BIO *b, void *data, int dlen);
 int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
 int BIO_gets(BIO *bp, char *buf, int size);
 int BIO_get_line(BIO *bio, char *buf, int size);
 int BIO_write(BIO *b, const void *data, int dlen);
 int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
+                        size_t stride, size_t num_msg, uint64_t flags,
+                        size_t *msgs_processed);
+__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
+__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
@@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 
 const BIO_METHOD *BIO_s_mem(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_mem(void);
+# endif
 const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
 # ifndef OPENSSL_NO_SOCK
@@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);
 const BIO_METHOD *BIO_s_core(void);
 # ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_dgram_pair(void);
 const BIO_METHOD *BIO_s_datagram(void);
 int BIO_dgram_non_fatal_error(int error);
 BIO *BIO_new_dgram(int fd, int close_flag);
@@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
 # ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
+int BIO_err_is_non_fatal(unsigned int errcode);
 int BIO_socket_wait(int fd, int for_read, time_t max_time);
 # endif
 int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
@@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data,
 
 # ifndef OPENSSL_NO_SOCK
 BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src);
+BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap);
 int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
                      const void *where, size_t wherelen, unsigned short port);
 void BIO_ADDR_free(BIO_ADDR *);
@@ -788,6 +893,7 @@ int BIO_sock_info(int sock,
 #  define BIO_SOCK_KEEPALIVE    0x04
 #  define BIO_SOCK_NONBLOCK     0x08
 #  define BIO_SOCK_NODELAY      0x10
+#  define BIO_SOCK_TFO          0x20
 
 int BIO_socket(int domain, int socktype, int protocol, int options);
 int BIO_connect(int sock, const BIO_ADDR *addr, int options);
@@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
+# ifndef OPENSSL_NO_DGRAM
+int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1,
+                           BIO **bio2, size_t writebuf2);
+# endif
+
 /*
  * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
@@ -856,12 +967,24 @@ int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*write) (BIO *, const char *, int));
 int BIO_meth_set_write_ex(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_sendmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
 int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*read) (BIO *, char *, int));
 int BIO_meth_set_read_ex(BIO_METHOD *biom,
                          int (*bread) (BIO *, char *, size_t, size_t *));
+int BIO_meth_set_recvmmsg(BIO_METHOD *biom,
+                          int (*f) (BIO *, BIO_MSG *, size_t, size_t,
+                                    uint64_t, size_t *));
+int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *,
+                                                     size_t, size_t,
+                                                     uint64_t, size_t *);
 int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
 int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
diff --git a/watchsimulator/include/OpenSSL/bioerr.h b/watchsimulator/include/OpenSSL/bioerr.h
index 82ceeedc..a0e88da6 100644
--- a/watchsimulator/include/OpenSSL/bioerr.h
+++ b/watchsimulator/include/OpenSSL/bioerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,14 +37,18 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NON_FATAL                                  112
 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
 # define BIO_R_NULL_PARAMETER                             115 /* unused */
+# define BIO_R_TFO_DISABLED                               106
+# define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
 # define BIO_R_TRANSFER_TIMEOUT                           105
 # define BIO_R_UNABLE_TO_BIND_SOCKET                      117
@@ -53,6 +57,7 @@
 # define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
 # define BIO_R_UNABLE_TO_NODELAY                          138
 # define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNABLE_TO_TFO                              109
 # define BIO_R_UNAVAILABLE_IP_FAMILY                      145
 # define BIO_R_UNINITIALIZED                              120
 # define BIO_R_UNKNOWN_INFO_TYPE                          140
@@ -61,5 +66,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
+# define BIO_R_PORT_MISMATCH                              150
+# define BIO_R_PEER_ADDR_NOT_AVAILABLE                    151
 
 #endif
diff --git a/watchsimulator/include/OpenSSL/bn.h b/watchsimulator/include/OpenSSL/bn.h
index a085e224..0db1f2ac 100644
--- a/watchsimulator/include/OpenSSL/bn.h
+++ b/watchsimulator/include/OpenSSL/bn.h
@@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a);
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
 void BN_swap(BIGNUM *a, BIGNUM *b);
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2bin(const BIGNUM *a, unsigned char *to);
 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen);
 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
 int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
diff --git a/watchsimulator/include/OpenSSL/cmp.h b/watchsimulator/include/OpenSSL/cmp.h
index b6ce7249..342adaef 100644
--- a/watchsimulator/include/OpenSSL/cmp.h
+++ b/watchsimulator/include/OpenSSL/cmp.h
@@ -35,7 +35,9 @@
 extern "C" {
 #  endif
 
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 
 /*-
  *   PKIFailureInfo ::= BIT STRING {
@@ -137,7 +139,6 @@ extern "C" {
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
 #   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
-
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 
 #  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
@@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
 #  define OSSL_CMP_PKISTATUS_revocationWarning      4
 #  define OSSL_CMP_PKISTATUS_revocationNotification 5
 #  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
-
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
+
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
@@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
+int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
+
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
+const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
 /* CMP general options: */
 #  define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-#  define OSSL_CMP_OPT_KEEP_ALIVE 10
-#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#  define OSSL_CMP_OPT_KEEP_ALIVE    10
+#  define OSSL_CMP_OPT_MSG_TIMEOUT   11
 #  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#  define OSSL_CMP_OPT_USE_TLS       13
 /* CMP request options: */
 #  define OSSL_CMP_OPT_VALIDITY_DAYS 20
 #  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
@@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+#   ifndef OPENSSL_NO_HTTP
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+#   endif
 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                  const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
 /* client authentication: */
@@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                       const GENERAL_NAME *name);
@@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
 #  define OSSL_CMP_PKISI_BUFLEN 1024
+X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
@@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
 /* from cmp_http.c */
+#   ifndef OPENSSL_NO_HTTP
 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                         const OSSL_CMP_MSG *req);
+#   endif
 
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
@@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
+/* from cmp_genm.c */
+int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
+
 #  ifdef  __cplusplus
 }
 #  endif
diff --git a/watchsimulator/include/OpenSSL/cmperr.h b/watchsimulator/include/OpenSSL/cmperr.h
index e4f83de0..71fd6353 100644
--- a/watchsimulator/include/OpenSSL/cmperr.h
+++ b/watchsimulator/include/OpenSSL/cmperr.h
@@ -59,8 +59,11 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GETTING_GENP                               192
 #  define CMP_R_INVALID_ARGS                               100
+#  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
@@ -94,6 +97,7 @@
 #  define CMP_R_TOTAL_TIMEOUT                              184
 #  define CMP_R_TRANSACTIONID_UNMATCHED                    152
 #  define CMP_R_TRANSFER_ERROR                             159
+#  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_PVNO                            153
diff --git a/watchsimulator/include/OpenSSL/cms.h b/watchsimulator/include/OpenSSL/cms.h
index 08223a53..a69da9af 100644
--- a/watchsimulator/include/OpenSSL/cms.h
+++ b/watchsimulator/include/OpenSSL/cms.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/cms.h.in
  *
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,8 +31,10 @@
 extern "C" {
 # endif
 
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_SignedData_st CMS_SignedData;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
@@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice,
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp)))
 
 
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
               unsigned int flags);
+int CMS_final_digest(CMS_ContentInfo *cms,
+                     const unsigned char *md, unsigned int mdlen, BIO *dcont,
+                     unsigned int flags);
 
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
                              STACK_OF(X509) *certs, BIO *data,
-                             unsigned int flags, OSSL_LIB_CTX *ctx,
+                             unsigned int flags, OSSL_LIB_CTX *libctx,
                              const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
-                                    OSSL_LIB_CTX *ctx, const char *propq);
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
-                                      unsigned int flags, OSSL_LIB_CTX *ctx,
+                                      unsigned int flags, OSSL_LIB_CTX *libctx,
                                       const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
                               BIO *dcont, BIO *out, unsigned int flags);
-
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
                                               const unsigned char *key,
                                               size_t keylen, unsigned int flags,
-                                              OSSL_LIB_CTX *ctx,
+                                              OSSL_LIB_CTX *libctx,
                                               const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
@@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags,
-                                OSSL_LIB_CTX *ctx, const char *propq);
+                                OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
-                                             OSSL_LIB_CTX *ctx,
+                                             OSSL_LIB_CTX *libctx,
                                              const char *propq);
+BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
+                               EVP_PKEY *pkey, X509 *cert,
+                               ASN1_OCTET_STRING *secret, unsigned int flags,
+                               OSSL_LIB_CTX *libctx, const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
+                           STACK_OF(X509) *scerts, X509_STORE *store,
+                           STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+                           unsigned int flags,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
@@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
-    OSSL_LIB_CTX *ctx);
+    OSSL_LIB_CTX *libctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
diff --git a/watchsimulator/include/OpenSSL/cmserr.h b/watchsimulator/include/OpenSSL/cmserr.h
index ec9c1497..4b651ac3 100644
--- a/watchsimulator/include/OpenSSL/cmserr.h
+++ b/watchsimulator/include/OpenSSL/cmserr.h
@@ -86,6 +86,7 @@
 #  define CMS_R_NO_PUBLIC_KEY                              134
 #  define CMS_R_NO_RECEIPT_REQUEST                         168
 #  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_OPERATION_UNSUPPORTED                      182
 #  define CMS_R_PEER_KEY_ERROR                             188
 #  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 #  define CMS_R_RECEIPT_DECODE_ERROR                       169
diff --git a/watchsimulator/include/OpenSSL/comp.h b/watchsimulator/include/OpenSSL/comp.h
index fe31acfb..a79df30e 100644
--- a/watchsimulator/include/OpenSSL/comp.h
+++ b/watchsimulator/include/OpenSSL/comp.h
@@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
 
 COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
 
 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
 # define COMP_zlib_cleanup() while(0) continue
 #endif
 
 # ifdef OPENSSL_BIO_H
-#  ifdef ZLIB
 const BIO_METHOD *BIO_f_zlib(void);
-#  endif
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
 # endif
 
 
diff --git a/watchsimulator/include/OpenSSL/comperr.h b/watchsimulator/include/OpenSSL/comperr.h
index 64f4bb42..d1f42d40 100644
--- a/watchsimulator/include/OpenSSL/comperr.h
+++ b/watchsimulator/include/OpenSSL/comperr.h
@@ -23,9 +23,16 @@
 /*
  * COMP reason codes.
  */
+#  define COMP_R_BROTLI_DECODE_ERROR                       102
+#  define COMP_R_BROTLI_ENCODE_ERROR                       103
+#  define COMP_R_BROTLI_NOT_SUPPORTED                      104
 #  define COMP_R_ZLIB_DEFLATE_ERROR                        99
 #  define COMP_R_ZLIB_INFLATE_ERROR                        100
 #  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+#  define COMP_R_ZSTD_COMPRESS_ERROR                       105
+#  define COMP_R_ZSTD_DECODE_ERROR                         106
+#  define COMP_R_ZSTD_DECOMPRESS_ERROR                     107
+#  define COMP_R_ZSTD_NOT_SUPPORTED                        108
 
 # endif
 #endif
diff --git a/watchsimulator/include/OpenSSL/conf.h b/watchsimulator/include/OpenSSL/conf.h
index 0d972c0e..581f435d 100644
--- a/watchsimulator/include/OpenSSL/conf.h
+++ b/watchsimulator/include/OpenSSL/conf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/conf.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchsimulator/include/OpenSSL/configuration.h b/watchsimulator/include/OpenSSL/configuration.h
index 4f3c8050..2e2e7246 100644
--- a/watchsimulator/include/OpenSSL/configuration.h
+++ b/watchsimulator/include/OpenSSL/configuration.h
@@ -30,7 +30,7 @@ extern "C" {
 # ifndef OPENSSL_SYS_watchOS
 #  define OPENSSL_SYS_watchOS 1
 # endif
-# define OPENSSL_CONFIGURED_API 30100
+# define OPENSSL_CONFIGURED_API 30200
 # ifndef OPENSSL_RAND_SEED_OS
 #  define OPENSSL_RAND_SEED_OS
 # endif
@@ -52,6 +52,12 @@ extern "C" {
 # ifndef OPENSSL_NO_ASYNC
 #  define OPENSSL_NO_ASYNC
 # endif
+# ifndef OPENSSL_NO_BROTLI
+#  define OPENSSL_NO_BROTLI
+# endif
+# ifndef OPENSSL_NO_BROTLI_DYNAMIC
+#  define OPENSSL_NO_BROTLI_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_CAPIENG
 #  define OPENSSL_NO_CAPIENG
 # endif
@@ -115,6 +121,9 @@ extern "C" {
 # ifndef OPENSSL_NO_TESTS
 #  define OPENSSL_NO_TESTS
 # endif
+# ifndef OPENSSL_NO_TFO
+#  define OPENSSL_NO_TFO
+# endif
 # ifndef OPENSSL_NO_TRACE
 #  define OPENSSL_NO_TRACE
 # endif
@@ -130,6 +139,21 @@ extern "C" {
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 #  define OPENSSL_NO_WEAK_SSL_CIPHERS
 # endif
+# ifndef OPENSSL_NO_WINSTORE
+#  define OPENSSL_NO_WINSTORE
+# endif
+# ifndef OPENSSL_NO_ZLIB
+#  define OPENSSL_NO_ZLIB
+# endif
+# ifndef OPENSSL_NO_ZLIB_DYNAMIC
+#  define OPENSSL_NO_ZLIB_DYNAMIC
+# endif
+# ifndef OPENSSL_NO_ZSTD
+#  define OPENSSL_NO_ZSTD
+# endif
+# ifndef OPENSSL_NO_ZSTD_DYNAMIC
+#  define OPENSSL_NO_ZSTD_DYNAMIC
+# endif
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #  define OPENSSL_NO_DYNAMIC_ENGINE
 # endif
@@ -151,6 +175,12 @@ extern "C" {
 
 # define RC4_INT unsigned char
 
+# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB))
+#  define OPENSSL_NO_COMP_ALG
+# else
+#  undef  OPENSSL_NO_COMP_ALG
+# endif
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchsimulator/include/OpenSSL/core.h b/watchsimulator/include/OpenSSL/core.h
index faf76e25..ca784d25 100644
--- a/watchsimulator/include/OpenSSL/core.h
+++ b/watchsimulator/include/OpenSSL/core.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,9 @@ struct ossl_dispatch_st {
     void (*function)(void);
 };
 
+# define OSSL_DISPATCH_END \
+    { 0, NULL }
+
 /*
  * Other items, essentially an int<->pointer map element.
  *
diff --git a/watchsimulator/include/OpenSSL/core_dispatch.h b/watchsimulator/include/OpenSSL/core_dispatch.h
index ae25fbc2..b146f1f1 100644
--- a/watchsimulator/include/OpenSSL/core_dispatch.h
+++ b/watchsimulator/include/OpenSSL/core_dispatch.h
@@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                     (const void *keydata_from, int selection))
 
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX            45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX            46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+                    (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+                    (void *provctx, int selection))
+
 /* Key Exchange */
 
 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1
@@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
 # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS     9
 # define OSSL_FUNC_KEM_SET_CTX_PARAMS         10
 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS    11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT  12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT  13
 
 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+                                                     void *authprivkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            unsigned char *secret,
                                            size_t *secretlen))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
                                                 const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+                                                     void *authpubkey,
+                                                     const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
                                            unsigned char *out, size_t *outlen,
                                            const unsigned char *in, size_t inlen))
@@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object,
 #define OSSL_FUNC_STORE_EOF                         6
 #define OSSL_FUNC_STORE_CLOSE                       7
 #define OSSL_FUNC_STORE_EXPORT_OBJECT               8
+#define OSSL_FUNC_STORE_DELETE                      9
+#define OSSL_FUNC_STORE_OPEN_EX                     10
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
@@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
                     (void *loaderctx, const void *objref, size_t objref_sz,
                      OSSL_CALLBACK *export_cb, void *export_cbarg))
+OSSL_CORE_MAKE_FUNC(int, store_delete,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+OSSL_CORE_MAKE_FUNC(void *, store_open_ex,
+                    (void *provctx, const char *uri, const OSSL_PARAM params[],
+                     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 
 # ifdef __cplusplus
 }
diff --git a/watchsimulator/include/OpenSSL/core_names.h b/watchsimulator/include/OpenSSL/core_names.h
index 0a6ec1bb..ffffe90f 100644
--- a/watchsimulator/include/OpenSSL/core_names.h
+++ b/watchsimulator/include/OpenSSL/core_names.h
@@ -1,4 +1,7 @@
 /*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/core_names.h.in
+ *
  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+
 #ifndef OPENSSL_CORE_NAMES_H
 # define OPENSSL_CORE_NAMES_H
 # pragma once
@@ -15,544 +19,454 @@
 extern "C" {
 # endif
 
-/* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION         "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME       "provider-name"   /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
-
-/* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME               "name"                /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION            "version"             /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO          "buildinfo"           /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS             "status"              /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS    "security-checks"     /* uint */
-#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"  /* uint */
-#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"    /* uint */
-
-/* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE   "st-type"  /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC   "st-desc"  /* utf8_string */
-
-/*-
- * Provider-native object abstractions
- *
- * These are used when a provider wants to pass object data or an object
- * reference back to libcrypto.  This is only useful for provider functions
- * that take a callback to which an OSSL_PARAM array with these parameters
- * can be passed.
- *
- * This set of parameter names is explained in detail in provider-object(7)
- * (doc/man7/provider-object.pod)
- */
-#define OSSL_OBJECT_PARAM_TYPE              "type"      /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE         "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE    "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE         "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA              "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC              "desc"      /* UTF8_STRING */
-
-/*
- * Algorithm parameters
- * If "engine" or "properties" are specified, they should always be paired
- * with the algorithm type.
- * Note these are common names that are shared by many types (such as kdf, mac,
- * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
- */
-#define OSSL_ALG_PARAM_DIGEST       "digest"    /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER       "cipher"    /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE       "engine"    /* utf8_string */
-#define OSSL_ALG_PARAM_MAC          "mac"       /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
-
-/* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING              "padding"      /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS             "use-bits"     /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION          "tls-version"  /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC              "tls-mac"      /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY         "has-randkey"  /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
-#define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV           "updated-iv"   /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD        "tlsaad"       /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD    "tlsaadpad"    /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED   "tlsivfixed"   /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"     /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN           OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN          "taglen"       /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY         "mackey"       /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY           "randkey"      /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS          "keybits"      /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED                "speed"        /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE             "cts_mode"     /* utf8_string */
-/* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS  "alg_id_param" /* octet_string */
-
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT                    \
-    "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE                          \
-    "tls1multi_maxbufsz"   /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE                           \
-    "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD                                  \
-    "tls1multi_aad"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN                          \
-    "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC                                  \
-    "tls1multi_enc"        /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN                               \
-    "tls1multi_encin"      /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN                              \
-    "tls1multi_enclen"     /* size_t */
-
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
-#define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
-#define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
-#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
-/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
-#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
-#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
-#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV      "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV      "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV      "AES-256-GCM-SIV"
 
 /* Known DIGEST names (not a complete list) */
-#define OSSL_DIGEST_NAME_MD5            "MD5"
-#define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
-#define OSSL_DIGEST_NAME_SHA1           "SHA1"
-#define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
-#define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
-#define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
-#define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
-#define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
-#define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
-#define OSSL_DIGEST_NAME_MD2            "MD2"
-#define OSSL_DIGEST_NAME_MD4            "MD4"
-#define OSSL_DIGEST_NAME_MDC2           "MDC2"
-#define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
-#define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
-#define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
-#define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
-#define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
-#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
-#define OSSL_DIGEST_NAME_SM3            "SM3"
-
-/* MAC parameters */
-#define OSSL_MAC_PARAM_KEY            "key"            /* octet string */
-#define OSSL_MAC_PARAM_IV             "iv"             /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM         "custom"         /* utf8 string */
-#define OSSL_MAC_PARAM_SALT           "salt"           /* octet string */
-#define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
-#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
-
-/*
- * If "engine" or "properties" are specified, they should always be paired
- * with "cipher" or "digest".
- */
-#define OSSL_MAC_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST           OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
-#define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
-#define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+# define OSSL_DIGEST_NAME_MD5            "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1       "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1           "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
+# define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256   "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2            "MD2"
+# define OSSL_DIGEST_NAME_MD4            "MD4"
+# define OSSL_DIGEST_NAME_MDC2           "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160      "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224       "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256       "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384       "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* Known MAC names */
-#define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
-#define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
-#define OSSL_MAC_NAME_CMAC          "CMAC"
-#define OSSL_MAC_NAME_GMAC          "GMAC"
-#define OSSL_MAC_NAME_HMAC          "HMAC"
-#define OSSL_MAC_NAME_KMAC128       "KMAC128"
-#define OSSL_MAC_NAME_KMAC256       "KMAC256"
-#define OSSL_MAC_NAME_POLY1305      "POLY1305"
-#define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
-
-/* KDF / PRF parameters */
-#define OSSL_KDF_PARAM_SECRET       "secret"    /* octet string */
-#define OSSL_KDF_PARAM_KEY          "key"       /* octet string */
-#define OSSL_KDF_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_KDF_PARAM_PASSWORD     "pass"      /* octet string */
-#define OSSL_KDF_PARAM_PREFIX       "prefix"    /* octet string */
-#define OSSL_KDF_PARAM_LABEL        "label"     /* octet string */
-#define OSSL_KDF_PARAM_DATA         "data"      /* octet string */
-#define OSSL_KDF_PARAM_DIGEST       OSSL_ALG_PARAM_DIGEST     /* utf8 string */
-#define OSSL_KDF_PARAM_CIPHER       OSSL_ALG_PARAM_CIPHER     /* utf8 string */
-#define OSSL_KDF_PARAM_MAC          OSSL_ALG_PARAM_MAC        /* utf8 string */
-#define OSSL_KDF_PARAM_MAC_SIZE     "maclen"    /* size_t */
-#define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_KDF_PARAM_ITER         "iter"      /* unsigned int */
-#define OSSL_KDF_PARAM_MODE         "mode"      /* utf8 string or int */
-#define OSSL_KDF_PARAM_PKCS5        "pkcs5"     /* int */
-#define OSSL_KDF_PARAM_UKM          "ukm"       /* octet string */
-#define OSSL_KDF_PARAM_CEK_ALG      "cekalg"    /* utf8 string */
-#define OSSL_KDF_PARAM_SCRYPT_N     "n"         /* uint64_t */
-#define OSSL_KDF_PARAM_SCRYPT_R     "r"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_P     "p"         /* uint32_t */
-#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
-#define OSSL_KDF_PARAM_INFO         "info"      /* octet string */
-#define OSSL_KDF_PARAM_SEED         "seed"      /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
-#define OSSL_KDF_PARAM_SSHKDF_TYPE  "type"      /* int */
-#define OSSL_KDF_PARAM_SIZE         "size"      /* size_t */
-#define OSSL_KDF_PARAM_CONSTANT     "constant"  /* octet string */
-#define OSSL_KDF_PARAM_PKCS12_ID    "id"        /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_L  "use-l"             /* int */
-#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR  "use-separator"     /* int */
-#define OSSL_KDF_PARAM_KBKDF_R      "r"         /* int */
-#define OSSL_KDF_PARAM_X942_ACVPINFO        "acvp-info"
-#define OSSL_KDF_PARAM_X942_PARTYUINFO      "partyu-info"
-#define OSSL_KDF_PARAM_X942_PARTYVINFO      "partyv-info"
-#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO    "supp-pubinfo"
-#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO   "supp-privinfo"
-#define OSSL_KDF_PARAM_X942_USE_KEYBITS     "use-keybits"
+# define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC    "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC          "CMAC"
+# define OSSL_MAC_NAME_GMAC          "GMAC"
+# define OSSL_MAC_NAME_HMAC          "HMAC"
+# define OSSL_MAC_NAME_KMAC128       "KMAC128"
+# define OSSL_MAC_NAME_KMAC256       "KMAC256"
+# define OSSL_MAC_NAME_POLY1305      "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH       "SIPHASH"
 
 /* Known KDF names */
-#define OSSL_KDF_NAME_HKDF           "HKDF"
-#define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
-#define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
-#define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF          "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
-#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
-#define OSSL_KDF_NAME_X963KDF        "X963KDF"
-#define OSSL_KDF_NAME_KBKDF          "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
-
-/* Known RAND names */
-#define OSSL_RAND_PARAM_STATE                   "state"
-#define OSSL_RAND_PARAM_STRENGTH                "strength"
-#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
-#define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
-#define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
-#define OSSL_RAND_PARAM_GENERATE                "generate"
-
-/* RAND/DRBG names */
-#define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
-#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
-#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
-#define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
-#define OSSL_DRBG_PARAM_MAX_NONCELEN            "max_noncelen"
-#define OSSL_DRBG_PARAM_MAX_PERSLEN             "max_perslen"
-#define OSSL_DRBG_PARAM_MAX_ADINLEN             "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_COUNTER          "reseed_counter"
-#define OSSL_DRBG_PARAM_RESEED_TIME             "reseed_time"
-#define OSSL_DRBG_PARAM_PROPERTIES              OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DRBG_PARAM_DIGEST                  OSSL_ALG_PARAM_DIGEST
-#define OSSL_DRBG_PARAM_CIPHER                  OSSL_ALG_PARAM_CIPHER
-#define OSSL_DRBG_PARAM_MAC                     OSSL_ALG_PARAM_MAC
-#define OSSL_DRBG_PARAM_USE_DF                  "use_derivation_function"
-
-/* DRBG call back parameters */
-#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED        "entropy_required"
-#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE   "prediction_resistance"
-#define OSSL_DRBG_PARAM_MIN_LENGTH              "minium_length"
-#define OSSL_DRBG_PARAM_MAX_LENGTH              "maxium_length"
-#define OSSL_DRBG_PARAM_RANDOM_DATA             "random_data"
-#define OSSL_DRBG_PARAM_SIZE                    "size"
-
-/* PKEY parameters */
-/* Common PKEY parameters */
-#define OSSL_PKEY_PARAM_BITS                "bits" /* integer */
-#define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
-#define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
-#define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_CIPHER              OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_PKEY_PARAM_ENGINE              OSSL_ALG_PARAM_ENGINE /* utf8 string */
-#define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
-#define OSSL_PKEY_PARAM_PAD_MODE            "pad-mode"
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
-#define OSSL_PKEY_PARAM_MASKGENFUNC         "mgf"
-#define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
-#define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
-#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY  "encoded-pub-key"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
-#define OSSL_PKEY_PARAM_DIST_ID             "distid"
-#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
-#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
-
-/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P               "p"
-#define OSSL_PKEY_PARAM_FFC_G               "g"
-#define OSSL_PKEY_PARAM_FFC_Q               "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX          "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER        "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED            "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR        "j"
-#define OSSL_PKEY_PARAM_FFC_H               "hindex"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ     "validate-pq"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_G      "validate-g"
-#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
-
-/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
-
-/* Elliptic Curve Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_PUB_X     "qx"
-#define OSSL_PKEY_PARAM_EC_PUB_Y     "qy"
-
-/* Elliptic Curve Explicit Domain Parameters */
-#define OSSL_PKEY_PARAM_EC_FIELD_TYPE                   "field-type"
-#define OSSL_PKEY_PARAM_EC_P                            "p"
-#define OSSL_PKEY_PARAM_EC_A                            "a"
-#define OSSL_PKEY_PARAM_EC_B                            "b"
-#define OSSL_PKEY_PARAM_EC_GENERATOR                    "generator"
-#define OSSL_PKEY_PARAM_EC_ORDER                        "order"
-#define OSSL_PKEY_PARAM_EC_COFACTOR                     "cofactor"
-#define OSSL_PKEY_PARAM_EC_SEED                         "seed"
-#define OSSL_PKEY_PARAM_EC_CHAR2_M                      "m"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE                   "basis-type"
-#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS               "tp"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1                  "k1"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2                  "k2"
-#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3                  "k3"
-#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
-
-/* Elliptic Curve Key Parameters */
-#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
-#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
-    OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
-
-/* RSA Keys */
-/*
- * n, e, d are the usual public and private key components
- *
- * rsa-num is the number of factors, including p and q
- * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
- * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
- * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
- *
- * The number of rsa-factor items must be equal to the number of rsa-exponent
- * items, and the number of rsa-coefficients must be one less.
- * (the base i for the coefficients is 2, not 1, at least as implied by
- * RFC 8017)
- */
-#define OSSL_PKEY_PARAM_RSA_N           "n"
-#define OSSL_PKEY_PARAM_RSA_E           "e"
-#define OSSL_PKEY_PARAM_RSA_D           "d"
-#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
-#define OSSL_PKEY_PARAM_RSA_FACTOR1      OSSL_PKEY_PARAM_RSA_FACTOR"1"
-#define OSSL_PKEY_PARAM_RSA_FACTOR2      OSSL_PKEY_PARAM_RSA_FACTOR"2"
-#define OSSL_PKEY_PARAM_RSA_FACTOR3      OSSL_PKEY_PARAM_RSA_FACTOR"3"
-#define OSSL_PKEY_PARAM_RSA_FACTOR4      OSSL_PKEY_PARAM_RSA_FACTOR"4"
-#define OSSL_PKEY_PARAM_RSA_FACTOR5      OSSL_PKEY_PARAM_RSA_FACTOR"5"
-#define OSSL_PKEY_PARAM_RSA_FACTOR6      OSSL_PKEY_PARAM_RSA_FACTOR"6"
-#define OSSL_PKEY_PARAM_RSA_FACTOR7      OSSL_PKEY_PARAM_RSA_FACTOR"7"
-#define OSSL_PKEY_PARAM_RSA_FACTOR8      OSSL_PKEY_PARAM_RSA_FACTOR"8"
-#define OSSL_PKEY_PARAM_RSA_FACTOR9      OSSL_PKEY_PARAM_RSA_FACTOR"9"
-#define OSSL_PKEY_PARAM_RSA_FACTOR10     OSSL_PKEY_PARAM_RSA_FACTOR"10"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT1    OSSL_PKEY_PARAM_RSA_EXPONENT"1"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT2    OSSL_PKEY_PARAM_RSA_EXPONENT"2"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT3    OSSL_PKEY_PARAM_RSA_EXPONENT"3"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT4    OSSL_PKEY_PARAM_RSA_EXPONENT"4"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT5    OSSL_PKEY_PARAM_RSA_EXPONENT"5"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT6    OSSL_PKEY_PARAM_RSA_EXPONENT"6"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT7    OSSL_PKEY_PARAM_RSA_EXPONENT"7"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT8    OSSL_PKEY_PARAM_RSA_EXPONENT"8"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT9    OSSL_PKEY_PARAM_RSA_EXPONENT"9"
-#define OSSL_PKEY_PARAM_RSA_EXPONENT10   OSSL_PKEY_PARAM_RSA_EXPONENT"10"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8"
-#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9"
+# define OSSL_KDF_NAME_HKDF           "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF     "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1         "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2         "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT         "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF         "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF          "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF       "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1   "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF        "X963KDF"
+# define OSSL_KDF_NAME_KBKDF          "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF        "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF    "HMAC-DRBG-KDF"
 
 /* RSA padding modes */
-#define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
-#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
-#define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
-#define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
-#define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
+# define OSSL_PKEY_RSA_PAD_MODE_NONE    "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP    "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931    "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS     "pss"
 
 /* RSA pss padding salt length */
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
-#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_RSA_BITS             OSSL_PKEY_PARAM_BITS
-#define OSSL_PKEY_PARAM_RSA_PRIMES           "primes"
-#define OSSL_PKEY_PARAM_RSA_DIGEST           OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS     OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC      OSSL_PKEY_PARAM_MASKGENFUNC
-#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST      OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN      "saltlen"
-
-/* Key generation parameters */
-#define OSSL_PKEY_PARAM_FFC_TYPE         "type"
-#define OSSL_PKEY_PARAM_FFC_PBITS        "pbits"
-#define OSSL_PKEY_PARAM_FFC_QBITS        "qbits"
-#define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-
-#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
-#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
-#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
-#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX    "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO   "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
-#define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
-#define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
-
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
-#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
-
-#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
-#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
-
-/* Key Exchange parameters */
-#define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
-#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
-#define OSSL_EXCHANGE_PARAM_KDF_TYPE              "kdf-type" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST            "kdf-digest" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS      "kdf-digest-props" /* utf8_string */
-#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN            "kdf-outlen" /* size_t */
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM               "kdf-ukm"
-
-/* Signature parameters */
-#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
-#define OSSL_SIGNATURE_PARAM_PAD_MODE           OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_PROPERTIES         OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN        "saltlen"
-#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST        OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES    \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
-
-/* Asym cipher parameters */
-#define OSSL_ASYM_CIPHER_PARAM_DIGEST                   OSSL_PKEY_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES               OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_ENGINE                   OSSL_PKEY_PARAM_ENGINE
-#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 OSSL_PKEY_PARAM_PAD_MODE
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST              \
-    OSSL_PKEY_PARAM_MGF1_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS        \
-    OSSL_PKEY_PARAM_MGF1_PROPERTIES
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS        "digest-props"
-/* The following parameter is an octet_string on set and an octet_ptr on get */
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
-#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
-
-/*
- * Encoder / decoder parameters
- */
-#define OSSL_ENCODER_PARAM_CIPHER           OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-/* Currently PVK only, but reusable for others as needed */
-#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL    "encrypt-level"
-#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS  "save-parameters" /* integer */
-
-#define OSSL_DECODER_PARAM_PROPERTIES       OSSL_ALG_PARAM_PROPERTIES
-
-/* Passphrase callback parameters */
-#define OSSL_PASSPHRASE_PARAM_INFO      "info"
-
-/* Keygen callback parameters, from provider to libcrypto */
-#define OSSL_GEN_PARAM_POTENTIAL            "potential" /* integer */
-#define OSSL_GEN_PARAM_ITERATION            "iteration" /* integer */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
-/* ACVP Test parameters : These should not be used normally */
-#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XP  "xp"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
-#define OSSL_PKEY_PARAM_RSA_TEST_XQ  "xq"
-#define OSSL_PKEY_PARAM_RSA_TEST_P1  "p1"
-#define OSSL_PKEY_PARAM_RSA_TEST_P2  "p2"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q1  "q1"
-#define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
 
-/* KEM parameters */
-#define OSSL_KEM_PARAM_OPERATION            "operation"
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
 
 /* OSSL_KEM_PARAM_OPERATION values */
 #define OSSL_KEM_PARAM_OPERATION_RSASVE     "RSASVE"
-
-/* Capabilities */
-
-/* TLS-GROUP Capability */
-#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
-#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
-#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
-#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
-#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
-#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM            "tls-group-is-kem"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
-#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
-#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
-
-/*-
- * storemgmt parameters
- */
-
-/*
- * Used by storemgmt_ctx_set_params():
- *
- * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
- *   OSSL_STORE_INFO numbers.  This is used to set the expected type of
- *   object loaded.
- *
- * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
- *   OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
- *   OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
- *   are used as search criteria.
- *   (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
- */
-#define OSSL_STORE_PARAM_EXPECT     "expect"       /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT    "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER     "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL     "serial"       /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST     "digest"       /* UTF8_STRING */
-#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS      "alias"        /* UTF8_STRING */
-
-/* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties"   /* utf8_string */
-/* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type"   /* UTF8_STRING */
+#define OSSL_KEM_PARAM_OPERATION_DHKEM      "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+# define OSSL_ALG_PARAM_CIPHER "cipher"
+# define OSSL_ALG_PARAM_DIGEST "digest"
+# define OSSL_ALG_PARAM_ENGINE "engine"
+# define OSSL_ALG_PARAM_MAC "mac"
+# define OSSL_ALG_PARAM_PROPERTIES "properties"
+# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
+# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
+# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
+# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
+# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
+# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
+# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype"
+# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls"
+# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid"
+# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name"
+# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid"
+# define OSSL_CIPHER_PARAM_AEAD "aead"
+# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey"
+# define OSSL_CIPHER_PARAM_AEAD_TAG "tag"
+# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed"
+# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv"
+# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param"
+# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_CIPHER_PARAM_CTS "cts"
+# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode"
+# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv"
+# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey"
+# define OSSL_CIPHER_PARAM_IV "iv"
+# define OSSL_CIPHER_PARAM_IVLEN "ivlen"
+# define OSSL_CIPHER_PARAM_KEYLEN "keylen"
+# define OSSL_CIPHER_PARAM_MODE "mode"
+# define OSSL_CIPHER_PARAM_NUM "num"
+# define OSSL_CIPHER_PARAM_PADDING "padding"
+# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey"
+# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits"
+# define OSSL_CIPHER_PARAM_ROUNDS "rounds"
+# define OSSL_CIPHER_PARAM_SPEED "speed"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz"
+# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag"
+# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac"
+# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size"
+# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version"
+# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv"
+# define OSSL_CIPHER_PARAM_USE_BITS "use-bits"
+# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard"
+# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"
+# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize"
+# define OSSL_DIGEST_PARAM_MICALG "micalg"
+# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type"
+# define OSSL_DIGEST_PARAM_SIZE "size"
+# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms"
+# define OSSL_DIGEST_PARAM_XOF "xof"
+# define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required"
+# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
+# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
+# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length"
+# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
+# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
+# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
+# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length"
+# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
+# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance"
+# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data"
+# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
+# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
+# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
+# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+# define OSSL_DRBG_PARAM_SIZE "size"
+# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function"
+# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters"
+# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest"
+# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props"
+# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen"
+# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type"
+# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm"
+# define OSSL_EXCHANGE_PARAM_PAD "pad"
+# define OSSL_GEN_PARAM_ITERATION "iteration"
+# define OSSL_GEN_PARAM_POTENTIAL "potential"
+# define OSSL_KDF_PARAM_ARGON2_AD "ad"
+# define OSSL_KDF_PARAM_ARGON2_LANES "lanes"
+# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost"
+# define OSSL_KDF_PARAM_ARGON2_VERSION "version"
+# define OSSL_KDF_PARAM_CEK_ALG "cekalg"
+# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_KDF_PARAM_CONSTANT "constant"
+# define OSSL_KDF_PARAM_DATA "data"
+# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean"
+# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy"
+# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce"
+# define OSSL_KDF_PARAM_INFO "info"
+# define OSSL_KDF_PARAM_ITER "iter"
+# define OSSL_KDF_PARAM_KBKDF_R "r"
+# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l"
+# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator"
+# define OSSL_KDF_PARAM_KEY "key"
+# define OSSL_KDF_PARAM_LABEL "label"
+# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC
+# define OSSL_KDF_PARAM_MAC_SIZE "maclen"
+# define OSSL_KDF_PARAM_MODE "mode"
+# define OSSL_KDF_PARAM_PASSWORD "pass"
+# define OSSL_KDF_PARAM_PKCS12_ID "id"
+# define OSSL_KDF_PARAM_PKCS5 "pkcs5"
+# define OSSL_KDF_PARAM_PREFIX "prefix"
+# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_KDF_PARAM_SALT "salt"
+# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes"
+# define OSSL_KDF_PARAM_SCRYPT_N "n"
+# define OSSL_KDF_PARAM_SCRYPT_P "p"
+# define OSSL_KDF_PARAM_SCRYPT_R "r"
+# define OSSL_KDF_PARAM_SECRET "secret"
+# define OSSL_KDF_PARAM_SEED "seed"
+# define OSSL_KDF_PARAM_SIZE "size"
+# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id"
+# define OSSL_KDF_PARAM_SSHKDF_TYPE "type"
+# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash"
+# define OSSL_KDF_PARAM_THREADS "threads"
+# define OSSL_KDF_PARAM_UKM "ukm"
+# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+# define OSSL_KEM_PARAM_IKME "ikme"
+# define OSSL_KEM_PARAM_OPERATION "operation"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree"
+# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
+# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len"
+# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size"
+# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_MAC_PARAM_CUSTOM "custom"
+# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds"
+# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit"
+# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot"
+# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds"
+# define OSSL_MAC_PARAM_IV "iv"
+# define OSSL_MAC_PARAM_KEY "key"
+# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_MAC_PARAM_SALT "salt"
+# define OSSL_MAC_PARAM_SIZE "size"
+# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size"
+# define OSSL_MAC_PARAM_XOF "xof"
+# define OSSL_OBJECT_PARAM_DATA "data"
+# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure"
+# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type"
+# define OSSL_OBJECT_PARAM_DESC "desc"
+# define OSSL_OBJECT_PARAM_REFERENCE "reference"
+# define OSSL_OBJECT_PARAM_TYPE "type"
+# define OSSL_PASSPHRASE_PARAM_INFO "info"
+# define OSSL_PKEY_PARAM_BITS "bits"
+# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest"
+# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm"
+# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+# define OSSL_PKEY_PARAM_DIST_ID "distid"
+# define OSSL_PKEY_PARAM_EC_A "a"
+# define OSSL_PKEY_PARAM_EC_B "b"
+# define OSSL_PKEY_PARAM_EC_CHAR2_M "m"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2"
+# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp"
+# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type"
+# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor"
+# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit"
+# define OSSL_PKEY_PARAM_EC_ENCODING "encoding"
+# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type"
+# define OSSL_PKEY_PARAM_EC_GENERATOR "generator"
+# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
+# define OSSL_PKEY_PARAM_EC_ORDER "order"
+# define OSSL_PKEY_PARAM_EC_P "p"
+# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+# define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+# define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
+# define OSSL_PKEY_PARAM_EC_SEED "seed"
+# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
+# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE
+# define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_FFC_G "g"
+# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+# define OSSL_PKEY_PARAM_FFC_H "hindex"
+# define OSSL_PKEY_PARAM_FFC_P "p"
+# define OSSL_PKEY_PARAM_FFC_PBITS "pbits"
+# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+# define OSSL_PKEY_PARAM_FFC_Q "q"
+# define OSSL_PKEY_PARAM_FFC_QBITS "qbits"
+# define OSSL_PKEY_PARAM_FFC_SEED "seed"
+# define OSSL_PKEY_PARAM_FFC_TYPE "type"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy"
+# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq"
+# define OSSL_PKEY_PARAM_GROUP_NAME "group"
+# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest"
+# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
+# define OSSL_PKEY_PARAM_MAX_SIZE "max-size"
+# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+# define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_PUB_KEY "pub"
+# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
+# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
+# define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_PKEY_PARAM_RSA_E "e"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8"
+# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9"
+# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1"
+# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10"
+# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2"
+# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3"
+# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4"
+# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5"
+# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6"
+# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7"
+# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8"
+# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9"
+# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
+# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_PKEY_PARAM_RSA_N "n"
+# define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
+# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
+# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits"
+# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+# define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
+# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename"
+# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name"
+# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version"
+# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_PARAM_NAME "name"
+# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"
+# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc"
+# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase"
+# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type"
+# define OSSL_PROV_PARAM_STATUS "status"
+# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+# define OSSL_PROV_PARAM_VERSION "version"
+# define OSSL_RAND_PARAM_GENERATE "generate"
+# define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+# define OSSL_RAND_PARAM_STATE "state"
+# define OSSL_RAND_PARAM_STRENGTH "strength"
+# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string"
+# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+# define OSSL_SIGNATURE_PARAM_INSTANCE "instance"
+# define OSSL_SIGNATURE_PARAM_KAT "kat"
+# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type"
+# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen"
+# define OSSL_STORE_PARAM_ALIAS "alias"
+# define OSSL_STORE_PARAM_DIGEST "digest"
+# define OSSL_STORE_PARAM_EXPECT "expect"
+# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint"
+# define OSSL_STORE_PARAM_INPUT_TYPE "input-type"
+# define OSSL_STORE_PARAM_ISSUER "name"
+# define OSSL_STORE_PARAM_PROPERTIES "properties"
+# define OSSL_STORE_PARAM_SERIAL "serial"
+# define OSSL_STORE_PARAM_SUBJECT "subject"
 
 # ifdef __cplusplus
 }
diff --git a/watchsimulator/include/OpenSSL/crmf.h b/watchsimulator/include/OpenSSL/crmf.h
index 2ba1f045..046c5a61 100644
--- a/watchsimulator/include/OpenSSL/crmf.h
+++ b/watchsimulator/include/OpenSSL/crmf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crmf.h.in
  *
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -43,8 +43,8 @@ extern "C" {
 
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
 #  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
-
 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
@@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/watchsimulator/include/OpenSSL/crypto.h b/watchsimulator/include/OpenSSL/crypto.h
index 76489c62..103801de 100644
--- a/watchsimulator/include/OpenSSL/crypto.h
+++ b/watchsimulator/include/OpenSSL/crypto.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/crypto.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
                      CRYPTO_RWLOCK *lock);
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
 
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
@@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 
+void OSSL_sleep(uint64_t millis);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchsimulator/include/OpenSSL/ct.h b/watchsimulator/include/OpenSSL/ct.h
index a7a581be..256b394d 100644
--- a/watchsimulator/include/OpenSSL/ct.h
+++ b/watchsimulator/include/OpenSSL/ct.h
@@ -133,7 +133,7 @@ typedef enum {
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
                                               const char *propq);
-                                                       
+
 /*
  * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
diff --git a/watchsimulator/include/OpenSSL/dherr.h b/watchsimulator/include/OpenSSL/dherr.h
index e6855341..faeefcf0 100644
--- a/watchsimulator/include/OpenSSL/dherr.h
+++ b/watchsimulator/include/OpenSSL/dherr.h
@@ -40,6 +40,7 @@
 #  define DH_R_INVALID_PARAMETER_NID                       114
 #  define DH_R_INVALID_PUBKEY                              102
 #  define DH_R_INVALID_SECRET                              128
+#  define DH_R_INVALID_SIZE                                129
 #  define DH_R_KDF_PARAMETER_ERROR                         112
 #  define DH_R_KEYS_NOT_SET                                108
 #  define DH_R_MISSING_PUBKEY                              125
diff --git a/watchsimulator/include/OpenSSL/dsa.h b/watchsimulator/include/OpenSSL/dsa.h
index 6d39043b..1f5dc3ce 100644
--- a/watchsimulator/include/OpenSSL/dsa.h
+++ b/watchsimulator/include/OpenSSL/dsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchsimulator/include/OpenSSL/e_os2.h b/watchsimulator/include/OpenSSL/e_os2.h
index 5c6e6100..9cd31cce 100644
--- a/watchsimulator/include/OpenSSL/e_os2.h
+++ b/watchsimulator/include/OpenSSL/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,7 +89,7 @@ extern "C" {
 
 /*
  * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
+ * application implementer how he or she will link the application, so it
  * requires some macro to be used.
  */
 # ifdef OPENSSL_SYS_WINDOWS
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
      defined(__osf__) || defined(__sgi) || defined(__hpux) || \
      defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/watchsimulator/include/OpenSSL/e_ostime.h b/watchsimulator/include/OpenSSL/e_ostime.h
new file mode 100644
index 00000000..980a150c
--- /dev/null
+++ b/watchsimulator/include/OpenSSL/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/opensslconf.h>
+#include <OpenSSL/e_os2.h>
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. <winsock2.h> on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
+# else
+#  include <sys/time.h>
+# endif
+
+#endif
diff --git a/watchsimulator/include/OpenSSL/ec.h b/watchsimulator/include/OpenSSL/ec.h
index 9111f0b1..30cfbdbc 100644
--- a/watchsimulator/include/OpenSSL/ec.h
+++ b/watchsimulator/include/OpenSSL/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq);
 
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ *  \param  group  pointer to the EC_GROUP object
+ *  \param  libctx The associated library context or NULL for the default
+ *                 context
+ *  \param  propq  A property query string
+ *  \param  bnctx  BN_CTX object (optional)
+ *  \return newly created OSSL_PARAM array with the parameters
+ *          describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+                               const char *propq, BN_CTX *bnctx);
+
 /**
  * Creates a EC_GROUP object with a curve specified by a NID
  *  \param  libctx The associated library context or NULL for the default
@@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
@@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me
 OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
- *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
diff --git a/watchsimulator/include/OpenSSL/err.h b/watchsimulator/include/OpenSSL/err.h
index e980e5b9..42124abc 100644
--- a/watchsimulator/include/OpenSSL/err.h
+++ b/watchsimulator/include/OpenSSL/err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -496,6 +496,13 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 int ERR_clear_last_mark(void);
+int ERR_count_to_mark(void);
+
+ERR_STATE *OSSL_ERR_STATE_new(void);
+void OSSL_ERR_STATE_save(ERR_STATE *es);
+void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es);
+void OSSL_ERR_STATE_restore(const ERR_STATE *es);
+void OSSL_ERR_STATE_free(ERR_STATE *es);
 
 #ifdef  __cplusplus
 }
diff --git a/watchsimulator/include/OpenSSL/evp.h b/watchsimulator/include/OpenSSL/evp.h
index fb55e4d1..c8290eba 100644
--- a/watchsimulator/include/OpenSSL/evp.h
+++ b/watchsimulator/include/OpenSSL/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
@@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage */
+/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
@@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int
 # define         EVP_CIPH_WRAP_MODE              0x10002
 # define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_SIV_MODE               0x10004
+# define         EVP_CIPH_GCM_SIV_MODE           0x10005
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
 
-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
                           unsigned char *out,
                           const unsigned char *in, unsigned int inl);
 
@@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
 __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    int *outl);
-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl);
 
 __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                            const unsigned char *key, const unsigned char *iv);
-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                   const EVP_CIPHER *cipher, ENGINE *impl,
                                   const unsigned char *key,
                                   const unsigned char *iv);
@@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                                const unsigned char *key,
                                const unsigned char *iv,
                                const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  int *outl, const unsigned char *in, int inl);
 __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                             int *outl);
-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                    int *outl);
 
 __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv,
                           int enc);
-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv, int enc);
@@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const char *mdname, OSSL_LIB_CTX *libctx,
                           const char *props, EVP_PKEY *pkey,
                           const OSSL_PARAM params[]);
-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
-int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const char *mdname, OSSL_LIB_CTX *libctx,
                             const char *props, EVP_PKEY *pkey,
                             const OSSL_PARAM params[]);
@@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *wrappedkey, size_t *wrappedkeylen,
                          unsigned char *genkey, size_t *genkeylen);
 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
+                                   const OSSL_PARAM params[]);
 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                          unsigned char *unwrapped, size_t *unwrappedlen,
                          const unsigned char *wrapped, size_t wrappedlen);
-
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
diff --git a/watchsimulator/include/OpenSSL/evperr.h b/watchsimulator/include/OpenSSL/evperr.h
index bc519f98..f36141af 100644
--- a/watchsimulator/include/OpenSSL/evperr.h
+++ b/watchsimulator/include/OpenSSL/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -110,11 +110,14 @@
 # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH              216
 # define EVP_R_UNABLE_TO_LOCK_CONTEXT                     211
 # define EVP_R_UNABLE_TO_SET_CALLBACKS                    217
+# define EVP_R_UNKNOWN_BITS                               166
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_KEY_TYPE                           207
+# define EVP_R_UNKNOWN_MAX_SIZE                           167
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNKNOWN_SECURITY_BITS                      168
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
diff --git a/watchsimulator/include/OpenSSL/hpke.h b/watchsimulator/include/OpenSSL/hpke.h
new file mode 100644
index 00000000..e7155e4a
--- /dev/null
+++ b/watchsimulator/include/OpenSSL/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180)  */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+#include <OpenSSL/types.h>
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE              0 /* Base mode  */
+# define OSSL_HPKE_MODE_PSK               1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH              2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH           3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
+# define OSSL_HPKE_MAX_INFOLEN        1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256             0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384             0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521             0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519           0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448             0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED         0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256      0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384      0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512      0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED        0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128     0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256     0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY      0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256        "P-256"              /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384        "P-384"              /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521        "P-521"              /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519      "X25519"             /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448        "X448"               /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256         "hkdf-sha256"        /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384         "hkdf-sha384"        /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512         "hkdf-sha512"        /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM  "aes-128-gcm"        /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM  "aes-256-gcm"        /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP         "chacha20-poly1305"  /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP        "exporter"           /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce re-use.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    uint16_t    kem_id; /* Key Encapsulation Method id */
+    uint16_t    kdf_id; /* Key Derivation Function id */
+    uint16_t    aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ *          OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_X25519, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+# else
+#  define OSSL_HPKE_SUITE_DEFAULT \
+    {\
+        OSSL_HPKE_KEM_ID_P256, \
+        OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+        OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+    }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+                    unsigned char *enc, size_t *enclen,
+                    const unsigned char *pub, size_t publen,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+                   unsigned char *ct, size_t *ctlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+                     unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+                     const unsigned char *ikm, size_t ikmlen,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+                    const unsigned char *enc, size_t enclen,
+                    EVP_PKEY *recippriv,
+                    const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+                   unsigned char *pt, size_t *ptlen,
+                   const unsigned char *aad, size_t aadlen,
+                   const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+                     unsigned char *secret,
+                     size_t secretlen,
+                     const unsigned char *label,
+                     size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+                               const unsigned char *pub,
+                               size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+                           const char *pskid,
+                           const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+                            const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+                               OSSL_HPKE_SUITE *suite,
+                               unsigned char *enc, size_t *enclen,
+                               unsigned char *ct, size_t ctlen,
+                               OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/watchsimulator/include/OpenSSL/http.h b/watchsimulator/include/OpenSSL/http.h
index e3f7c8bd..d33cc797 100644
--- a/watchsimulator/include/OpenSSL/http.h
+++ b/watchsimulator/include/OpenSSL/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -33,6 +33,8 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
+# ifndef OPENSSL_NO_HTTP
+
 #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
 #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
 
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl);
 
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchsimulator/include/OpenSSL/lhash.h b/watchsimulator/include/OpenSSL/lhash.h
index e49b5057..ea77b654 100644
--- a/watchsimulator/include/OpenSSL/lhash.h
+++ b/watchsimulator/include/OpenSSL/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchsimulator/include/OpenSSL/macros.h b/watchsimulator/include/OpenSSL/macros.h
index 9f9a7abb..fd950888 100644
--- a/watchsimulator/include/OpenSSL/macros.h
+++ b/watchsimulator/include/OpenSSL/macros.h
@@ -158,7 +158,7 @@
 /*
  * Define macros for deprecation and simulated removal purposes.
  *
- * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
  * all OpenSSL versions we care for.  They can be used as attributes
  * in function declarations where appropriate.
  *
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_3_1
 # undef OPENSSL_NO_DEPRECATED_3_0
 # undef OPENSSL_NO_DEPRECATED_1_1_1
 # undef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/watchsimulator/include/OpenSSL/obj_mac.h b/watchsimulator/include/OpenSSL/obj_mac.h
index 0e860276..e1b441b3 100644
--- a/watchsimulator/include/OpenSSL/obj_mac.h
+++ b/watchsimulator/include/OpenSSL/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -886,6 +886,14 @@
 #define NID_id_ct_signedChecklist               1247
 #define OBJ_id_ct_signedChecklist               OBJ_id_smime_ct,48L
 
+#define SN_id_ct_ASPA           "id-ct-ASPA"
+#define NID_id_ct_ASPA          1250
+#define OBJ_id_ct_ASPA          OBJ_id_smime_ct,49L
+
+#define SN_id_ct_signedTAL              "id-ct-signedTAL"
+#define NID_id_ct_signedTAL             1284
+#define OBJ_id_ct_signedTAL             OBJ_id_smime_ct,50L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -1002,10 +1010,22 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_aa_ets_attrCertificateRefs                "id-aa-ets-attrCertificateRefs"
+#define NID_id_aa_ets_attrCertificateRefs               1261
+#define OBJ_id_aa_ets_attrCertificateRefs               OBJ_id_smime_aa,44L
+
+#define SN_id_aa_ets_attrRevocationRefs         "id-aa-ets-attrRevocationRefs"
+#define NID_id_aa_ets_attrRevocationRefs                1262
+#define OBJ_id_aa_ets_attrRevocationRefs                OBJ_id_smime_aa,45L
+
 #define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
 #define NID_id_smime_aa_signingCertificateV2            1086
 #define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
 
+#define SN_id_aa_ets_archiveTimestampV2         "id-aa-ets-archiveTimestampV2"
+#define NID_id_aa_ets_archiveTimestampV2                1280
+#define OBJ_id_aa_ets_archiveTimestampV2                OBJ_id_smime_aa,48L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1082,15 +1102,17 @@
 #define NID_localKeyID          157
 #define OBJ_localKeyID          OBJ_pkcs9,21L
 
+#define OBJ_ms_corp             1L,3L,6L,1L,4L,1L,311L
+
 #define SN_ms_csp_name          "CSPName"
 #define LN_ms_csp_name          "Microsoft CSP Name"
 #define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+#define OBJ_ms_csp_name         OBJ_ms_corp,17L,1L
 
 #define SN_LocalKeySet          "LocalKeySet"
 #define LN_LocalKeySet          "Microsoft Local Key set"
 #define NID_LocalKeySet         856
-#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+#define OBJ_LocalKeySet         OBJ_ms_corp,17L,2L
 
 #define OBJ_certTypes           OBJ_pkcs9,22L
 
@@ -1108,6 +1130,10 @@
 #define NID_x509Crl             160
 #define OBJ_x509Crl             OBJ_crlTypes,1L
 
+#define SN_id_aa_CMSAlgorithmProtection         "id-aa-CMSAlgorithmProtection"
+#define NID_id_aa_CMSAlgorithmProtection                1263
+#define OBJ_id_aa_CMSAlgorithmProtection                OBJ_pkcs9,52L
+
 #define OBJ_pkcs12              OBJ_pkcs,12L
 
 #define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
@@ -1217,6 +1243,10 @@
 #define NID_SM2_with_SM3                1204
 #define OBJ_SM2_with_SM3                OBJ_sm_scheme,501L
 
+#define LN_hmacWithSM3          "hmacWithSM3"
+#define NID_hmacWithSM3         1281
+#define OBJ_hmacWithSM3         OBJ_sm3,3L,1L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1300,42 +1330,62 @@
 #define SN_ms_ext_req           "msExtReq"
 #define LN_ms_ext_req           "Microsoft Extension Request"
 #define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+#define OBJ_ms_ext_req          OBJ_ms_corp,2L,1L,14L
 
 #define SN_ms_code_ind          "msCodeInd"
 #define LN_ms_code_ind          "Microsoft Individual Code Signing"
 #define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+#define OBJ_ms_code_ind         OBJ_ms_corp,2L,1L,21L
 
 #define SN_ms_code_com          "msCodeCom"
 #define LN_ms_code_com          "Microsoft Commercial Code Signing"
 #define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+#define OBJ_ms_code_com         OBJ_ms_corp,2L,1L,22L
 
 #define SN_ms_ctl_sign          "msCTLSign"
 #define LN_ms_ctl_sign          "Microsoft Trust List Signing"
 #define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+#define OBJ_ms_ctl_sign         OBJ_ms_corp,10L,3L,1L
 
 #define SN_ms_sgc               "msSGC"
 #define LN_ms_sgc               "Microsoft Server Gated Crypto"
 #define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+#define OBJ_ms_sgc              OBJ_ms_corp,10L,3L,3L
 
 #define SN_ms_efs               "msEFS"
 #define LN_ms_efs               "Microsoft Encrypted File System"
 #define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define OBJ_ms_efs              OBJ_ms_corp,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
 #define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+#define OBJ_ms_smartcard_login          OBJ_ms_corp,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
 #define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+#define OBJ_ms_upn              OBJ_ms_corp,20L,2L,3L
+
+#define SN_ms_ntds_sec_ext              "ms-ntds-sec-ext"
+#define LN_ms_ntds_sec_ext              "Microsoft NTDS CA Extension"
+#define NID_ms_ntds_sec_ext             1292
+#define OBJ_ms_ntds_sec_ext             OBJ_ms_corp,25L,2L
+
+#define SN_ms_ntds_obj_sid              "ms-ntds-obj-sid"
+#define LN_ms_ntds_obj_sid              "Microsoft NTDS AD objectSid"
+#define NID_ms_ntds_obj_sid             1291
+#define OBJ_ms_ntds_obj_sid             OBJ_ms_corp,25L,2L,1L
+
+#define SN_ms_cert_templ                "ms-cert-templ"
+#define LN_ms_cert_templ                "Microsoft certificate template"
+#define NID_ms_cert_templ               1293
+#define OBJ_ms_cert_templ               OBJ_ms_corp,21L,7L
+
+#define SN_ms_app_policies              "ms-app-policies"
+#define LN_ms_app_policies              "Microsoft Application Policies Extension"
+#define NID_ms_app_policies             1294
+#define OBJ_ms_app_policies             OBJ_ms_corp,21L,10L
 
 #define SN_idea_cbc             "IDEA-CBC"
 #define LN_idea_cbc             "idea-cbc"
@@ -1503,6 +1553,18 @@
 #define NID_id_mod_cmp2000              284
 #define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
 
+#define SN_id_mod_cmp2000_02            "id-mod-cmp2000-02"
+#define NID_id_mod_cmp2000_02           1251
+#define OBJ_id_mod_cmp2000_02           OBJ_id_pkix_mod,50L
+
+#define SN_id_mod_cmp2021_88            "id-mod-cmp2021-88"
+#define NID_id_mod_cmp2021_88           1252
+#define OBJ_id_mod_cmp2021_88           OBJ_id_pkix_mod,99L
+
+#define SN_id_mod_cmp2021_02            "id-mod-cmp2021-02"
+#define NID_id_mod_cmp2021_02           1253
+#define OBJ_id_mod_cmp2021_02           OBJ_id_pkix_mod,100L
+
 #define SN_info_access          "authorityInfoAccess"
 #define LN_info_access          "Authority Information Access"
 #define NID_info_access         177
@@ -1783,6 +1845,22 @@
 #define NID_id_it_certReqTemplate               1225
 #define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
 
+#define SN_id_it_rootCaCert             "id-it-rootCaCert"
+#define NID_id_it_rootCaCert            1254
+#define OBJ_id_it_rootCaCert            OBJ_id_it,20L
+
+#define SN_id_it_certProfile            "id-it-certProfile"
+#define NID_id_it_certProfile           1255
+#define OBJ_id_it_certProfile           OBJ_id_it,21L
+
+#define SN_id_it_crlStatusList          "id-it-crlStatusList"
+#define NID_id_it_crlStatusList         1256
+#define OBJ_id_it_crlStatusList         OBJ_id_it,22L
+
+#define SN_id_it_crls           "id-it-crls"
+#define NID_id_it_crls          1257
+#define OBJ_id_it_crls          OBJ_id_it,23L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L
@@ -1815,6 +1893,18 @@
 #define NID_id_regCtrl_protocolEncrKey          320
 #define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
 
+#define SN_id_regCtrl_altCertTemplate           "id-regCtrl-altCertTemplate"
+#define NID_id_regCtrl_altCertTemplate          1258
+#define OBJ_id_regCtrl_altCertTemplate          OBJ_id_regCtrl,7L
+
+#define SN_id_regCtrl_algId             "id-regCtrl-algId"
+#define NID_id_regCtrl_algId            1259
+#define OBJ_id_regCtrl_algId            OBJ_id_regCtrl,11L
+
+#define SN_id_regCtrl_rsaKeyLen         "id-regCtrl-rsaKeyLen"
+#define NID_id_regCtrl_rsaKeyLen                1260
+#define OBJ_id_regCtrl_rsaKeyLen                OBJ_id_regCtrl,12L
+
 #define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
 #define NID_id_regInfo_utf8Pairs                321
 #define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
@@ -2649,11 +2739,56 @@
 #define NID_ext_key_usage               126
 #define OBJ_ext_key_usage               OBJ_id_ce,37L
 
+#define SN_authority_attribute_identifier               "authorityAttributeIdentifier"
+#define LN_authority_attribute_identifier               "X509v3 Authority Attribute Identifier"
+#define NID_authority_attribute_identifier              1295
+#define OBJ_authority_attribute_identifier              OBJ_id_ce,38L
+
+#define SN_role_spec_cert_identifier            "roleSpecCertIdentifier"
+#define LN_role_spec_cert_identifier            "X509v3 Role Specification Certificate Identifier"
+#define NID_role_spec_cert_identifier           1296
+#define OBJ_role_spec_cert_identifier           OBJ_id_ce,39L
+
+#define SN_basic_att_constraints                "basicAttConstraints"
+#define LN_basic_att_constraints                "X509v3 Basic Attribute Certificate Constraints"
+#define NID_basic_att_constraints               1297
+#define OBJ_basic_att_constraints               OBJ_id_ce,41L
+
+#define SN_delegated_name_constraints           "delegatedNameConstraints"
+#define LN_delegated_name_constraints           "X509v3 Delegated Name Constraints"
+#define NID_delegated_name_constraints          1298
+#define OBJ_delegated_name_constraints          OBJ_id_ce,42L
+
+#define SN_time_specification           "timeSpecification"
+#define LN_time_specification           "X509v3 Time Specification"
+#define NID_time_specification          1299
+#define OBJ_time_specification          OBJ_id_ce,43L
+
 #define SN_freshest_crl         "freshestCRL"
 #define LN_freshest_crl         "X509v3 Freshest CRL"
 #define NID_freshest_crl                857
 #define OBJ_freshest_crl                OBJ_id_ce,46L
 
+#define SN_attribute_descriptor         "attributeDescriptor"
+#define LN_attribute_descriptor         "X509v3 Attribute Descriptor"
+#define NID_attribute_descriptor                1300
+#define OBJ_attribute_descriptor                OBJ_id_ce,48L
+
+#define SN_user_notice          "userNotice"
+#define LN_user_notice          "X509v3 User Notice"
+#define NID_user_notice         1301
+#define OBJ_user_notice         OBJ_id_ce,49L
+
+#define SN_soa_identifier               "sOAIdentifier"
+#define LN_soa_identifier               "X509v3 Source of Authority Identifier"
+#define NID_soa_identifier              1302
+#define OBJ_soa_identifier              OBJ_id_ce,50L
+
+#define SN_acceptable_cert_policies             "acceptableCertPolicies"
+#define LN_acceptable_cert_policies             "X509v3 Acceptable Certification Policies"
+#define NID_acceptable_cert_policies            1303
+#define OBJ_acceptable_cert_policies            OBJ_id_ce,52L
+
 #define SN_inhibit_any_policy           "inhibitAnyPolicy"
 #define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy          748
@@ -2669,6 +2804,86 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 
+#define SN_acceptable_privilege_policies                "acceptablePrivPolicies"
+#define LN_acceptable_privilege_policies                "X509v3 Acceptable Privilege Policies"
+#define NID_acceptable_privilege_policies               1304
+#define OBJ_acceptable_privilege_policies               OBJ_id_ce,57L
+
+#define SN_indirect_issuer              "indirectIssuer"
+#define LN_indirect_issuer              "X509v3 Indirect Issuer"
+#define NID_indirect_issuer             1305
+#define OBJ_indirect_issuer             OBJ_id_ce,61L
+
+#define SN_no_assertion         "noAssertion"
+#define LN_no_assertion         "X509v3 No Assertion"
+#define NID_no_assertion                1306
+#define OBJ_no_assertion                OBJ_id_ce,62L
+
+#define SN_id_aa_issuing_distribution_point             "aAissuingDistributionPoint"
+#define LN_id_aa_issuing_distribution_point             "X509v3 Attribute Authority Issuing Distribution Point"
+#define NID_id_aa_issuing_distribution_point            1307
+#define OBJ_id_aa_issuing_distribution_point            OBJ_id_ce,63L
+
+#define SN_issued_on_behalf_of          "issuedOnBehalfOf"
+#define LN_issued_on_behalf_of          "X509v3 Issued On Behalf Of"
+#define NID_issued_on_behalf_of         1308
+#define OBJ_issued_on_behalf_of         OBJ_id_ce,64L
+
+#define SN_single_use           "singleUse"
+#define LN_single_use           "X509v3 Single Use"
+#define NID_single_use          1309
+#define OBJ_single_use          OBJ_id_ce,65L
+
+#define SN_group_ac             "groupAC"
+#define LN_group_ac             "X509v3 Group Attribute Certificate"
+#define NID_group_ac            1310
+#define OBJ_group_ac            OBJ_id_ce,66L
+
+#define SN_allowed_attribute_assignments                "allowedAttributeAssignments"
+#define LN_allowed_attribute_assignments                "X509v3 Allowed Attribute Assignments"
+#define NID_allowed_attribute_assignments               1311
+#define OBJ_allowed_attribute_assignments               OBJ_id_ce,67L
+
+#define SN_attribute_mappings           "attributeMappings"
+#define LN_attribute_mappings           "X509v3 Attribute Mappings"
+#define NID_attribute_mappings          1312
+#define OBJ_attribute_mappings          OBJ_id_ce,68L
+
+#define SN_holder_name_constraints              "holderNameConstraints"
+#define LN_holder_name_constraints              "X509v3 Holder Name Constraints"
+#define NID_holder_name_constraints             1313
+#define OBJ_holder_name_constraints             OBJ_id_ce,69L
+
+#define SN_authorization_validation             "authorizationValidation"
+#define LN_authorization_validation             "X509v3 Authorization Validation"
+#define NID_authorization_validation            1314
+#define OBJ_authorization_validation            OBJ_id_ce,70L
+
+#define SN_prot_restrict                "protRestrict"
+#define LN_prot_restrict                "X509v3 Protocol Restriction"
+#define NID_prot_restrict               1315
+#define OBJ_prot_restrict               OBJ_id_ce,71L
+
+#define SN_subject_alt_public_key_info          "subjectAltPublicKeyInfo"
+#define LN_subject_alt_public_key_info          "X509v3 Subject Alternative Public Key Info"
+#define NID_subject_alt_public_key_info         1316
+#define OBJ_subject_alt_public_key_info         OBJ_id_ce,72L
+
+#define SN_alt_signature_algorithm              "altSignatureAlgorithm"
+#define LN_alt_signature_algorithm              "X509v3 Alternative Signature Algorithm"
+#define NID_alt_signature_algorithm             1317
+#define OBJ_alt_signature_algorithm             OBJ_id_ce,73L
+
+#define SN_alt_signature_value          "altSignatureValue"
+#define LN_alt_signature_value          "X509v3 Alternative Signature Value"
+#define NID_alt_signature_value         1318
+#define OBJ_alt_signature_value         OBJ_id_ce,74L
+
+#define SN_associated_information               "associatedInformation"
+#define LN_associated_information               "X509v3 Associated Information"
+#define NID_associated_information              1319
+#define OBJ_associated_information              OBJ_id_ce,75L
+
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
@@ -3220,6 +3435,70 @@
 #define NID_hold_instruction_reject             433
 #define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
 
+#define SN_itu_t_identified_organization                "itu-t-identified-organization"
+#define NID_itu_t_identified_organization               1264
+#define OBJ_itu_t_identified_organization               OBJ_itu_t,4L
+
+#define SN_etsi         "etsi"
+#define NID_etsi                1265
+#define OBJ_etsi                OBJ_itu_t_identified_organization,0L
+
+#define SN_electronic_signature_standard                "electronic-signature-standard"
+#define NID_electronic_signature_standard               1266
+#define OBJ_electronic_signature_standard               OBJ_etsi,1733L
+
+#define SN_ess_attributes               "ess-attributes"
+#define NID_ess_attributes              1267
+#define OBJ_ess_attributes              OBJ_electronic_signature_standard,2L
+
+#define SN_id_aa_ets_mimeType           "id-aa-ets-mimeType"
+#define NID_id_aa_ets_mimeType          1268
+#define OBJ_id_aa_ets_mimeType          OBJ_ess_attributes,1L
+
+#define SN_id_aa_ets_longTermValidation         "id-aa-ets-longTermValidation"
+#define NID_id_aa_ets_longTermValidation                1269
+#define OBJ_id_aa_ets_longTermValidation                OBJ_ess_attributes,2L
+
+#define SN_id_aa_ets_SignaturePolicyDocument            "id-aa-ets-SignaturePolicyDocument"
+#define NID_id_aa_ets_SignaturePolicyDocument           1270
+#define OBJ_id_aa_ets_SignaturePolicyDocument           OBJ_ess_attributes,3L
+
+#define SN_id_aa_ets_archiveTimestampV3         "id-aa-ets-archiveTimestampV3"
+#define NID_id_aa_ets_archiveTimestampV3                1271
+#define OBJ_id_aa_ets_archiveTimestampV3                OBJ_ess_attributes,4L
+
+#define SN_id_aa_ATSHashIndex           "id-aa-ATSHashIndex"
+#define NID_id_aa_ATSHashIndex          1272
+#define OBJ_id_aa_ATSHashIndex          OBJ_ess_attributes,5L
+
+#define SN_cades                "cades"
+#define NID_cades               1273
+#define OBJ_cades               OBJ_etsi,19122L
+
+#define SN_cades_attributes             "cades-attributes"
+#define NID_cades_attributes            1274
+#define OBJ_cades_attributes            OBJ_cades,1L
+
+#define SN_id_aa_ets_signerAttrV2               "id-aa-ets-signerAttrV2"
+#define NID_id_aa_ets_signerAttrV2              1275
+#define OBJ_id_aa_ets_signerAttrV2              OBJ_cades_attributes,1L
+
+#define SN_id_aa_ets_sigPolicyStore             "id-aa-ets-sigPolicyStore"
+#define NID_id_aa_ets_sigPolicyStore            1276
+#define OBJ_id_aa_ets_sigPolicyStore            OBJ_cades_attributes,3L
+
+#define SN_id_aa_ATSHashIndex_v2                "id-aa-ATSHashIndex-v2"
+#define NID_id_aa_ATSHashIndex_v2               1277
+#define OBJ_id_aa_ATSHashIndex_v2               OBJ_cades_attributes,4L
+
+#define SN_id_aa_ATSHashIndex_v3                "id-aa-ATSHashIndex-v3"
+#define NID_id_aa_ATSHashIndex_v3               1278
+#define OBJ_id_aa_ATSHashIndex_v3               OBJ_cades_attributes,5L
+
+#define SN_signedAssertion              "signedAssertion"
+#define NID_signedAssertion             1279
+#define OBJ_signedAssertion             OBJ_cades_attributes,6L
+
 #define SN_data         "data"
 #define NID_data                434
 #define OBJ_data                OBJ_itu_t,9L
@@ -4952,6 +5231,21 @@
 #define NID_sm4_ctr             1139
 #define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
 
+#define SN_sm4_gcm              "SM4-GCM"
+#define LN_sm4_gcm              "sm4-gcm"
+#define NID_sm4_gcm             1248
+#define OBJ_sm4_gcm             OBJ_sm_scheme,104L,8L
+
+#define SN_sm4_ccm              "SM4-CCM"
+#define LN_sm4_ccm              "sm4-ccm"
+#define NID_sm4_ccm             1249
+#define OBJ_sm4_ccm             OBJ_sm_scheme,104L,9L
+
+#define SN_sm4_xts              "SM4-XTS"
+#define LN_sm4_xts              "sm4-xts"
+#define NID_sm4_xts             1290
+#define OBJ_sm4_xts             OBJ_sm_scheme,104L,10L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -5029,6 +5323,9 @@
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
@@ -5045,6 +5342,9 @@
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
@@ -5053,6 +5353,9 @@
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
@@ -5130,17 +5433,17 @@
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
-#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+#define OBJ_jurisdictionLocalityName            OBJ_ms_corp,60L,2L,1L,1L
 
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
-#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+#define OBJ_jurisdictionStateOrProvinceName             OBJ_ms_corp,60L,2L,1L,2L
 
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
-#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+#define OBJ_jurisdictionCountryName             OBJ_ms_corp,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
 #define LN_id_scrypt            "scrypt"
@@ -5432,6 +5735,24 @@
 #define LN_aes_256_siv          "aes-256-siv"
 #define NID_aes_256_siv         1200
 
+#define SN_oracle               "oracle-organization"
+#define LN_oracle               "Oracle organization"
+#define NID_oracle              1282
+#define OBJ_oracle              OBJ_joint_iso_itu_t,16L,840L,1L,113894L
+
+#define SN_oracle_jdk_trustedkeyusage           "oracle-jdk-trustedkeyusage"
+#define LN_oracle_jdk_trustedkeyusage           "Trusted key usage (Oracle)"
+#define NID_oracle_jdk_trustedkeyusage          1283
+#define OBJ_oracle_jdk_trustedkeyusage          OBJ_oracle,746875L,1L,1L
+
+#define SN_brotli               "brotli"
+#define LN_brotli               "Brotli compression"
+#define NID_brotli              1288
+
+#define SN_zstd         "zstd"
+#define LN_zstd         "Zstandard compression"
+#define NID_zstd                1289
+
 #endif /* OPENSSL_OBJ_MAC_H */
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/watchsimulator/include/OpenSSL/opensslv.h b/watchsimulator/include/OpenSSL/opensslv.h
index bdf8c8de..b3e2dc41 100644
--- a/watchsimulator/include/OpenSSL/opensslv.h
+++ b/watchsimulator/include/OpenSSL/opensslv.h
@@ -28,8 +28,8 @@ extern "C" {
  * These macros express version number MAJOR.MINOR.PATCH exactly
  */
 # define OPENSSL_VERSION_MAJOR  3
-# define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  6
+# define OPENSSL_VERSION_MINOR  2
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -74,8 +74,8 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.6"
-# define OPENSSL_FULL_VERSION_STR "3.1.6"
+# define OPENSSL_VERSION_STR "3.2.2"
+# define OPENSSL_FULL_VERSION_STR "3.2.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
@@ -88,7 +88,7 @@ extern "C" {
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.6 4 Jun 2024"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.2 4 Jun 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/watchsimulator/include/OpenSSL/pem.h b/watchsimulator/include/OpenSSL/pem.h
index 7fb4932a..8eeb00fa 100644
--- a/watchsimulator/include/OpenSSL/pem.h
+++ b/watchsimulator/include/OpenSSL/pem.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
diff --git a/watchsimulator/include/OpenSSL/pkcs12.h b/watchsimulator/include/OpenSSL/pkcs12.h
index 1802eb79..2e50b74b 100644
--- a/watchsimulator/include/OpenSSL/pkcs12.h
+++ b/watchsimulator/include/OpenSSL/pkcs12.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/pkcs12.h.in
  *
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,6 +44,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */
@@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
 const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
 
+X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
@@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);
 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                 const char *pass, int passlen,
                                 const unsigned char *in, int inlen,
@@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                  STACK_OF(X509) **ca);
+typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                       X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                       int iter, int mac_iter, int keytype);
@@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                          int iter, int mac_iter, int keytype,
                          OSSL_LIB_CTX *ctx, const char *propq);
+PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                          int iter, int mac_iter, int keytype,
+                          OSSL_LIB_CTX *ctx, const char *propq,
+                          PKCS12_create_cb *cb, void *cbarg);
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
diff --git a/watchsimulator/include/OpenSSL/pkcs12err.h b/watchsimulator/include/OpenSSL/pkcs12err.h
index efeeeb3b..0b316e4a 100644
--- a/watchsimulator/include/OpenSSL/pkcs12err.h
+++ b/watchsimulator/include/OpenSSL/pkcs12err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 /*
  * PKCS12 reason codes.
  */
+# define PKCS12_R_CALLBACK_FAILED                         115
 # define PKCS12_R_CANT_PACK_STRUCTURE                     100
 # define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
 # define PKCS12_R_DECODE_ERROR                            101
diff --git a/watchsimulator/include/OpenSSL/pkcs7.h b/watchsimulator/include/OpenSSL/pkcs7.h
index c041f83d..86d7d66a 100644
--- a/watchsimulator/include/OpenSSL/pkcs7.h
+++ b/watchsimulator/include/OpenSSL/pkcs7.h
@@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     struct pkcs7_st *contents;
 } PKCS7_SIGNED;
@@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st {
 typedef struct pkcs7_signedandenveloped_st {
     ASN1_INTEGER *version;      /* version 1 */
     STACK_OF(X509_ALGOR) *md_algs; /* md used */
-    STACK_OF(X509) *cert;       /* [ 0 ] */
-    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(X509) *cert;       /* [ 0 ] */ /* name should be 'certificates' */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */ /* name should be 'crls' */
     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
     PKCS7_ENC_CONTENT *enc_data;
     STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
@@ -203,7 +203,7 @@ typedef struct pkcs7_st {
         /* NID_pkcs7_data */
         ASN1_OCTET_STRING *data;
         /* NID_pkcs7_signed */
-        PKCS7_SIGNED *sign;
+        PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
         /* NID_pkcs7_enveloped */
         PKCS7_ENVELOPE *enveloped;
         /* NID_pkcs7_signedAndEnveloped */
@@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                           const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
                      BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509);
+                          X509 *signer);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
diff --git a/watchsimulator/include/OpenSSL/prov_ssl.h b/watchsimulator/include/OpenSSL/prov_ssl.h
index d3e0896c..76d01e1e 100644
--- a/watchsimulator/include/OpenSSL/prov_ssl.h
+++ b/watchsimulator/include/OpenSSL/prov_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,7 @@ extern "C" {
 
 # define SSL_MAX_MASTER_KEY_LENGTH 48
 
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION                    0x0300
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS1_BAD_VER                   0x0100
 
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION              0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/watchsimulator/include/OpenSSL/proverr.h b/watchsimulator/include/OpenSSL/proverr.h
index 9502d07f..094b212c 100644
--- a/watchsimulator/include/OpenSSL/proverr.h
+++ b/watchsimulator/include/OpenSSL/proverr.h
@@ -52,6 +52,7 @@
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_AEAD                              231
 # define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
@@ -63,9 +64,11 @@
 # define PROV_R_INVALID_INPUT_LENGTH                      230
 # define PROV_R_INVALID_ITERATION_COUNT                   123
 # define PROV_R_INVALID_IV_LENGTH                         109
+# define PROV_R_INVALID_KDF                               232
 # define PROV_R_INVALID_KEY                               158
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
+# define PROV_R_INVALID_MEMORY_SIZE                       235
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
 # define PROV_R_INVALID_OUTPUT_LENGTH                     217
@@ -77,6 +80,7 @@
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAG_LENGTH                        118
+# define PROV_R_INVALID_THREAD_POOL_SIZE                  234
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
diff --git a/watchsimulator/include/OpenSSL/provider.h b/watchsimulator/include/OpenSSL/provider.h
index dc684007..174aaaff 100644
--- a/watchsimulator/include/OpenSSL/provider.h
+++ b/watchsimulator/include/OpenSSL/provider.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,13 +17,19 @@
 extern "C" {
 # endif
 
-/* Set the default provider search path */
+/* Set and Get a library context search path */
 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+                                     OSSL_PARAM *params);
 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
                                       int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+                                         OSSL_PARAM *params,
+                                         int retain_fallbacks);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
diff --git a/watchsimulator/include/OpenSSL/quic.h b/watchsimulator/include/OpenSSL/quic.h
new file mode 100644
index 00000000..10aa86fc
--- /dev/null
+++ b/watchsimulator/include/OpenSSL/quic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_QUIC_H
+# define OPENSSL_QUIC_H
+# pragma once
+
+#include <OpenSSL/macros.h>
+#include <OpenSSL/ssl.h>
+
+# ifndef OPENSSL_NO_QUIC
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+/*
+ * Method used for non-thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_method(void);
+/*
+ * Method used for thread-assisted QUIC client operation.
+ */
+__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_QUIC */
+#endif
diff --git a/watchsimulator/include/OpenSSL/rand.h b/watchsimulator/include/OpenSSL/rand.h
index 886a174d..fbc3a5cf 100644
--- a/watchsimulator/include/OpenSSL/rand.h
+++ b/watchsimulator/include/OpenSSL/rand.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchsimulator/include/OpenSSL/rsa.h b/watchsimulator/include/OpenSSL/rsa.h
index 1ee76ecb..d4534fde 100644
--- a/watchsimulator/include/OpenSSL/rsa.h
+++ b/watchsimulator/include/OpenSSL/rsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
 
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
 # define RSA_PKCS1_PADDING          1
 # define RSA_NO_PADDING             3
 # define RSA_PKCS1_OAEP_PADDING     4
@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
 # define RSA_PKCS1_PSS_PADDING      6
 # define RSA_PKCS1_WITH_TLS_PADDING 7
 
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
 # define RSA_PKCS1_PADDING_SIZE    11
 
 # define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
diff --git a/watchsimulator/include/OpenSSL/sha.h b/watchsimulator/include/OpenSSL/sha.h
index 3dce5cd7..967279a7 100644
--- a/watchsimulator/include/OpenSSL/sha.h
+++ b/watchsimulator/include/OpenSSL/sha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/watchsimulator/include/OpenSSL/srtp.h b/watchsimulator/include/OpenSSL/srtp.h
index 91f03c06..41e2b8d5 100644
--- a/watchsimulator/include/OpenSSL/srtp.h
+++ b/watchsimulator/include/OpenSSL/srtp.h
@@ -28,16 +28,28 @@
 extern "C" {
 #endif
 
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
+# define SRTP_AES128_CM_SHA1_80                     0x0001
+# define SRTP_AES128_CM_SHA1_32                     0x0002
+# define SRTP_AES128_F8_SHA1_80                     0x0003
+# define SRTP_AES128_F8_SHA1_32                     0x0004
+# define SRTP_NULL_SHA1_80                          0x0005
+# define SRTP_NULL_SHA1_32                          0x0006
 
 /* AEAD SRTP protection profiles from RFC 7714 */
-# define SRTP_AEAD_AES_128_GCM  0x0007
-# define SRTP_AEAD_AES_256_GCM  0x0008
+# define SRTP_AEAD_AES_128_GCM                      0x0007
+# define SRTP_AEAD_AES_256_GCM                      0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
+# define SRTP_AEAD_ARIA_128_GCM                     0x000F
+# define SRTP_AEAD_ARIA_256_GCM                     0x0010
 
 # ifndef OPENSSL_NO_SRTP
 
diff --git a/watchsimulator/include/OpenSSL/ssl.h b/watchsimulator/include/OpenSSL/ssl.h
index 7d8d0435..0dbadf2f 100644
--- a/watchsimulator/include/OpenSSL/ssl.h
+++ b/watchsimulator/include/OpenSSL/ssl.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/ssl.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -24,6 +24,7 @@
 # endif
 
 #include <OpenSSL/e_os2.h>
+#include <OpenSSL/e_ostime.h>
 #include <OpenSSL/opensslconf.h>
 #include <OpenSSL/comp.h>
 #include <OpenSSL/bio.h>
@@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 
 /* Extension context codes */
 /* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY                        0x0001
+#define SSL_EXT_TLS_ONLY                        0x00001
 /* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY                       0x0002
+#define SSL_EXT_DTLS_ONLY                       0x00002
 /* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x00004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED                    0x0008
+#define SSL_EXT_SSL3_ALLOWED                    0x00008
 /* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x00010
 /* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_TLS1_3_ONLY                     0x00020
 /* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
-#define SSL_EXT_CLIENT_HELLO                    0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x00040
+#define SSL_EXT_CLIENT_HELLO                    0x00080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION  0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY           0x10000
 
 /* Typedefs for handling custom extensions */
 
@@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
      * interoperability with CryptoPro CSP 3.x
      */
 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     SSL_OP_BIT(31)
+/*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ *     and ignore the extension when received.
+ * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
+ *     subsequently indicating that receiving is not supported
+ */
+# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(32)
+# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION            SSL_OP_BIT(33)
+    /* Enable KTLS TX zerocopy on Linux */
+# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE         SSL_OP_BIT(34)
 
 /*
  * Option "collections."
@@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
 # define CERT_PKEY_CERT_TYPE     0x400
 /* Cert chain suitable to Suite B */
 # define CERT_PKEY_SUITEB        0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK           0x1000
 
 # define SSL_CONF_FLAG_CMDLINE           0x1
 # define SSL_CONF_FLAG_FILE              0x2
@@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s);
 #include <OpenSSL/tls1.h>      /* This is mostly sslv3 with a few tweaks */
 #include <OpenSSL/dtls1.h>     /* Datagram TLS */
 #include <OpenSSL/srtp.h>      /* Support for the use_srtp extension */
+#include <OpenSSL/quic.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1069,6 +1087,7 @@ typedef enum {
     DTLS_ST_CR_HELLO_VERIFY_REQUEST,
     TLS_ST_CR_SRVR_HELLO,
     TLS_ST_CR_CERT,
+    TLS_ST_CR_COMP_CERT,
     TLS_ST_CR_CERT_STATUS,
     TLS_ST_CR_KEY_EXCH,
     TLS_ST_CR_CERT_REQ,
@@ -1078,6 +1097,7 @@ typedef enum {
     TLS_ST_CR_FINISHED,
     TLS_ST_CW_CLNT_HELLO,
     TLS_ST_CW_CERT,
+    TLS_ST_CW_COMP_CERT,
     TLS_ST_CW_KEY_EXCH,
     TLS_ST_CW_CERT_VRFY,
     TLS_ST_CW_CHANGE,
@@ -1088,10 +1108,12 @@ typedef enum {
     DTLS_ST_SW_HELLO_VERIFY_REQUEST,
     TLS_ST_SW_SRVR_HELLO,
     TLS_ST_SW_CERT,
+    TLS_ST_SW_COMP_CERT,
     TLS_ST_SW_KEY_EXCH,
     TLS_ST_SW_CERT_REQ,
     TLS_ST_SW_SRVR_DONE,
     TLS_ST_SR_CERT,
+    TLS_ST_SR_COMP_CERT,
     TLS_ST_SR_KEY_EXCH,
     TLS_ST_SR_CERT_VRFY,
     TLS_ST_SR_NEXT_PROTO,
@@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
 # define SSL_CTRL_GET_NEGOTIATED_GROUP           134
+# define SSL_CTRL_GET_IANA_GROUPS                135
 # define SSL_CTRL_SET_RETRY_VERIFY               136
 # define SSL_CTRL_GET_VERIFY_CERT_STORE          137
 # define SSL_CTRL_GET_CHAIN_CERT_STORE           138
@@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 # define SSL_get1_groups(s, glist) \
         SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_get0_iana_groups(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
@@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_get_max_proto_version(s) \
         SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
 
+const char *SSL_get0_group_name(SSL *s);
 const char *SSL_group_to_name(SSL *s, int id);
 
 /* Backwards compatibility, original 1.1.0 names */
@@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s,
                                        unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+                                long length, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 
 # ifdef OPENSSL_X509_H
 __owur X509 *SSL_get0_peer_certificate(const SSL *s);
@@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
@@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
 size_t SSL_client_hello_get0_compression_methods(SSL *s,
                                                  const unsigned char **out);
 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts,
+                                         size_t *num_exts);
 int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
                               const unsigned char **out, size_t *outlen);
 
@@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s);
 
 __owur int SSL_get_error(const SSL *s, int ret_code);
 __owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE        0
+#define SSL_STREAM_TYPE_READ        (1U << 0)
+#define SSL_STREAM_TYPE_WRITE       (1U << 1)
+#define SSL_STREAM_TYPE_BIDI        (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE        0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI    2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI         (1U << 0)
+#define SSL_STREAM_FLAG_NO_BLOCK    (1U << 1)
+#define SSL_STREAM_FLAG_ADVANCE     (1U << 2)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO      0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT    1
+#define SSL_INCOMING_STREAM_POLICY_REJECT    2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK      (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+                                size_t buf_len,
+                                const BIO_ADDR *peer,
+                                const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+    uint64_t    quic_error_code;
+    const char  *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID             (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH   (1U << 1)
+#define SSL_SHUTDOWN_FLAG_NO_BLOCK          (1U << 2)
+#define SSL_SHUTDOWN_FLAG_WAIT_PEER         (1U << 3)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+                           const SSL_SHUTDOWN_EX_ARGS *args,
+                           size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+    uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+                            const SSL_STREAM_RESET_ARGS *args,
+                            size_t args_len);
+
+#define SSL_STREAM_STATE_NONE           0
+#define SSL_STREAM_STATE_OK             1
+#define SSL_STREAM_STATE_WRONG_DIR      2
+#define SSL_STREAM_STATE_FINISHED       3
+#define SSL_STREAM_STATE_RESET_LOCAL    4
+#define SSL_STREAM_STATE_RESET_REMOTE   5
+#define SSL_STREAM_STATE_CONN_CLOSED    6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+#define SSL_CONN_CLOSE_FLAG_LOCAL       (1U << 0)
+#define SSL_CONN_CLOSE_FLAG_TRANSPORT   (1U << 1)
+
+typedef struct ssl_conn_close_info_st {
+    uint64_t    error_code, frame_type;
+    const char  *reason;
+    size_t      reason_len;
+    uint32_t    flags;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+                                   SSL_CONN_CLOSE_INFO *info,
+                                   size_t info_len);
+
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #  define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
@@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s,
 const char *OSSL_default_cipher_list(void);
 const char *OSSL_default_ciphersuites(void);
 
+/* RFC8879 Certificate compression APIs */
+
+int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+int SSL_compress_certs(SSL *ssl, int alg);
+
+int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+
+int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
+                                size_t comp_length, size_t orig_length);
+int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
+                            size_t comp_length, size_t orig_length);
+size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
+size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchsimulator/include/OpenSSL/ssl3.h b/watchsimulator/include/OpenSSL/ssl3.h
index a3aac3ff..271c6d87 100644
--- a/watchsimulator/include/OpenSSL/ssl3.h
+++ b/watchsimulator/include/OpenSSL/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -239,6 +239,13 @@ extern "C" {
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_RT_INNER_CONTENT_TYPE      0x101
 
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM            0x200
+# define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
+
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
 
@@ -300,6 +307,8 @@ extern "C" {
 /* Set if extended master secret extension required on renegotiation */
 # define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
 
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
 # define SSL3_MT_HELLO_REQUEST                   0
 # define SSL3_MT_CLIENT_HELLO                    1
 # define SSL3_MT_SERVER_HELLO                    2
@@ -317,6 +326,7 @@ extern "C" {
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # define SSL3_MT_SUPPLEMENTAL_DATA               23
 # define SSL3_MT_KEY_UPDATE                      24
+# define SSL3_MT_COMPRESSED_CERTIFICATE          25
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                     67
 # endif
diff --git a/watchsimulator/include/OpenSSL/sslerr.h b/watchsimulator/include/OpenSSL/sslerr.h
index 1d0b8f87..87413d95 100644
--- a/watchsimulator/include/OpenSSL/sslerr.h
+++ b/watchsimulator/include/OpenSSL/sslerr.h
@@ -25,8 +25,10 @@
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CERTIFICATE                            348
 # define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
 # define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_COMPRESSION_ALGORITHM                  326
 # define SSL_R_BAD_DATA                                   390
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
@@ -82,6 +84,7 @@
 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 # define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 # define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONN_USE_ONLY                              356
 # define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
 # define SSL_R_COOKIE_MISMATCH                            308
@@ -110,6 +113,7 @@
 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
 # define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_RAW_PUBLIC_KEY                       349
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -119,6 +123,7 @@
 # define SSL_R_EXTENSION_NOT_RECEIVED                     279
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
 # define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_GET_PARAMETER                    316
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
@@ -144,6 +149,8 @@
 # define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
 # define SSL_R_INVALID_MAX_EARLY_DATA                     174
 # define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_RAW_PUBLIC_KEY                     350
+# define SSL_R_INVALID_RECORD                             317
 # define SSL_R_INVALID_SEQUENCE_NUMBER                    402
 # define SSL_R_INVALID_SERVERINFO_DATA                    388
 # define SSL_R_INVALID_SESSION_ID                         999
@@ -156,6 +163,7 @@
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED             395
 # define SSL_R_MISSING_DSA_SIGNING_CERT                   165
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
 # define SSL_R_MISSING_FATAL                              256
@@ -196,9 +204,11 @@
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_STREAM                                  355
 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_GROUPS                         295
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_RECORD_LAYER                   322
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
@@ -221,10 +231,16 @@
 # define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
 # define SSL_R_PSK_NO_CLIENT_CB                           224
 # define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR                 393
+# define SSL_R_QUIC_NETWORK_ERROR                         387
+# define SSL_R_QUIC_PROTOCOL_ERROR                        382
 # define SSL_R_READ_BIO_NOT_SET                           211
 # define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORDS_NOT_RELEASED                       321
+# define SSL_R_RECORD_LAYER_FAILURE                       313
 # define SSL_R_RECORD_LENGTH_MISMATCH                     213
 # define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET                346
 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
 # define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
 # define SSL_R_RENEGOTIATION_MISMATCH                     337
@@ -234,6 +250,7 @@
 # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
 # define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SEQUENCE_CTR_WRAPPED                       327
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
@@ -273,6 +290,11 @@
 # define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_STREAM_COUNT_LIMITED                       411
+# define SSL_R_STREAM_FINISHED                            365
+# define SSL_R_STREAM_RECV_ONLY                           366
+# define SSL_R_STREAM_RESET                               375
+# define SSL_R_STREAM_SEND_ONLY                           379
 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
@@ -318,6 +340,7 @@
 # define SSL_R_UNKNOWN_COMMAND                            139
 # define SSL_R_UNKNOWN_DIGEST                             368
 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER                323
 # define SSL_R_UNKNOWN_PKEY_TYPE                          251
 # define SSL_R_UNKNOWN_PROTOCOL                           252
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
@@ -335,6 +358,7 @@
 # define SSL_R_WRONG_CERTIFICATE_TYPE                     383
 # define SSL_R_WRONG_CIPHER_RETURNED                      261
 # define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_RPK_TYPE                             351
 # define SSL_R_WRONG_SIGNATURE_LENGTH                     264
 # define SSL_R_WRONG_SIGNATURE_SIZE                       265
 # define SSL_R_WRONG_SIGNATURE_TYPE                       370
diff --git a/watchsimulator/include/OpenSSL/store.h b/watchsimulator/include/OpenSSL/store.h
index a5cbcdd1..ed0b6254 100644
--- a/watchsimulator/include/OpenSSL/store.h
+++ b/watchsimulator/include/OpenSSL/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
  */
 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 
+/*
+ * Deletes the object in the store by URI.
+ * Returns 1 on success, 0 otherwise.
+ */
+int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+                      const UI_METHOD *ui_method, void *ui_data,
+                      const OSSL_PARAM params[]);
+
 /*
  * Check if end of data (end of file) is reached
  * Returns 1 on end, 0 otherwise.
@@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
 OSSL_DEPRECATEDIN_3_0
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_DEPRECATEDIN_3_0
diff --git a/watchsimulator/include/OpenSSL/thread.h b/watchsimulator/include/OpenSSL/thread.h
new file mode 100644
index 00000000..b300722f
--- /dev/null
+++ b/watchsimulator/include/OpenSSL/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+#include <OpenSSL/types.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/watchsimulator/include/OpenSSL/tls1.h b/watchsimulator/include/OpenSSL/tls1.h
index 83ef78b2..9215a7b0 100644
--- a/watchsimulator/include/OpenSSL/tls1.h
+++ b/watchsimulator/include/OpenSSL/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -28,7 +28,7 @@ extern "C" {
 
 /* Default security level if not overridden at config time */
 # ifndef OPENSSL_TLS_SECURITY_LEVEL
-#  define OPENSSL_TLS_SECURITY_LEVEL 1
+#  define OPENSSL_TLS_SECURITY_LEVEL 2
 # endif
 
 /* TLS*_VERSION constants are defined in prov_ssl.h */
@@ -122,6 +122,14 @@ extern "C" {
  */
 # define TLSEXT_TYPE_signed_certificate_timestamp    18
 
+/*
+ * Extension type for Raw Public Keys
+ * https://tools.ietf.org/html/rfc7250
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ */
+# define TLSEXT_TYPE_client_cert_type   19
+# define TLSEXT_TYPE_server_cert_type   20
+
 /*
  * ExtensionType value for TLS padding extension.
  * http://tools.ietf.org/html/draft-agl-tls-padding
@@ -134,6 +142,9 @@ extern "C" {
 /* ExtensionType value from RFC7627 */
 # define TLSEXT_TYPE_extended_master_secret      23
 
+/* ExtensionType value from RFC8879 */
+# define TLSEXT_TYPE_compress_certificate        27
+
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 
@@ -147,6 +158,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
@@ -195,6 +207,15 @@ extern "C" {
 
 # define TLSEXT_hash_num                                 10
 
+/* Possible compression values from RFC8879 */
+/* Not defined in RFC8879, but used internally for no-compression */
+# define TLSEXT_comp_cert_none                            0
+# define TLSEXT_comp_cert_zlib                            1
+# define TLSEXT_comp_cert_brotli                          2
+# define TLSEXT_comp_cert_zstd                            3
+/* one more than the number of defined values - used as size of 0-terminated array */
+# define TLSEXT_comp_cert_limit                           4
+
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 
@@ -211,6 +232,15 @@ extern "C" {
 # define TLSEXT_max_fragment_length_2048        3
 # define TLSEXT_max_fragment_length_4096        4
 
+/*
+ * TLS Certificate Type (for RFC7250)
+ * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
+ */
+# define TLSEXT_cert_type_x509         0
+# define TLSEXT_cert_type_pgp          1 /* recognized, but not supported */
+# define TLSEXT_cert_type_rpk          2
+# define TLSEXT_cert_type_1609dot2     3 /* recognized, but not supported */
+
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
 
diff --git a/watchsimulator/include/OpenSSL/trace.h b/watchsimulator/include/OpenSSL/trace.h
index 3064a013..5d0fd9e6 100644
--- a/watchsimulator/include/OpenSSL/trace.h
+++ b/watchsimulator/include/OpenSSL/trace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel);
 # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
     OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
 
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+                      const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+    OSSL_TRACE_BEGIN(category) { \
+        OSSL_trace_string(trc_out, text, full, data, len);  \
+    } OSSL_TRACE_END(category)
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/watchsimulator/include/OpenSSL/ts.h b/watchsimulator/include/OpenSSL/ts.h
index 9d669a64..a7302824 100644
--- a/watchsimulator/include/OpenSSL/ts.h
+++ b/watchsimulator/include/OpenSSL/ts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchsimulator/include/OpenSSL/types.h b/watchsimulator/include/OpenSSL/types.h
index b2281f69..413c20c5 100644
--- a/watchsimulator/include/OpenSSL/types.h
+++ b/watchsimulator/include/OpenSSL/types.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchsimulator/include/OpenSSL/x509.h b/watchsimulator/include/OpenSSL/x509.h
index 88cde83c..9dbb2b97 100644
--- a/watchsimulator/include/OpenSSL/x509.h
+++ b/watchsimulator/include/OpenSSL/x509.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509.h.in
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                           const char *propq);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
@@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                 const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+                            const char *propq);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 
 DECLARE_ASN1_DUP_FUNCTION(X509)
@@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
@@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);
 
-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
 int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
                                 int type, const unsigned char *bytes, int len);
 
 
+void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub,
+                                 unsigned char *penc, int penclen);
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
                            unsigned char *penc, int penclen);
diff --git a/watchsimulator/include/OpenSSL/x509_vfy.h b/watchsimulator/include/OpenSSL/x509_vfy.h
index 7de901b3..8cf06024 100644
--- a/watchsimulator/include/OpenSSL/x509_vfy.h
+++ b/watchsimulator/include/OpenSSL/x509_vfy.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/x509_vfy.h.in
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
+# define X509_V_ERR_RPK_UNTRUSTED                        95
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
@@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
                                           const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
                                              const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
 
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
 #define X509_STORE_set_verify_func(ctx, func) \
             X509_STORE_set_verify((ctx),(func))
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
                                X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
                               X509_STORE_CTX_verify_cb verify_cb);
 # define X509_STORE_set_verify_cb_func(ctx,func) \
             X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
                                X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
                                  X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
                                      X509_STORE_CTX_check_revocation_fn check_revocation);
 X509_STORE_CTX_check_revocation_fn
-    X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+    X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
                             X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
                               X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
                              X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
                                  X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
 #define X509_STORE_set_lookup_crls_cb(ctx, func) \
     X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
                             X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
 
 #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                         X509 *target, STACK_OF(X509) *untrusted);
+int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+                            EVP_PKEY* rpk);
 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
+                                X509_STORE_CTX_get_crl_fn get_crl);
 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
@@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
@@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);
 
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
 
 int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
                                   X509_LOOKUP_TYPE type,
@@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
-                                               const char *file,
-                                               const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
 
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
                             OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
                              OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
-                                 const char *dir, OSSL_LIB_CTX *libctx,
-                                 const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
-                                    const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+                                 const char *file, const char *dir,
+                                 OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+                                    OSSL_LIB_CTX *libctx, const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
@@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
@@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
+void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
+                                        unsigned int current_reasons);
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
diff --git a/watchsimulator/include/OpenSSL/x509err.h b/watchsimulator/include/OpenSSL/x509err.h
index 9f56b58d..8f6b670c 100644
--- a/watchsimulator/include/OpenSSL/x509err.h
+++ b/watchsimulator/include/OpenSSL/x509err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/watchsimulator/include/OpenSSL/x509v3.h b/watchsimulator/include/OpenSSL/x509v3.h
index ffe75e56..897f02f1 100644
--- a/watchsimulator/include/OpenSSL/x509v3.h
+++ b/watchsimulator/include/OpenSSL/x509v3.h
@@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
 
diff --git a/watchsimulator/include/OpenSSL/x509v3err.h b/watchsimulator/include/OpenSSL/x509v3err.h
index b422b48d..b2cdc12d 100644
--- a/watchsimulator/include/OpenSSL/x509v3err.h
+++ b/watchsimulator/include/OpenSSL/x509v3err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,6 +23,8 @@
  */
 # define X509V3_R_BAD_IP_ADDRESS                          118
 # define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BAD_OPTION                              170
+# define X509V3_R_BAD_VALUE                               171
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_DIRNAME_ERROR                           149
@@ -86,6 +88,7 @@
 # define X509V3_R_UNKNOWN_EXTENSION                       129
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNKNOWN_VALUE                           172
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
diff --git a/watchsimulator/lib/libcrypto.a b/watchsimulator/lib/libcrypto.a
index 6ff9ece8..f47208f4 100644
Binary files a/watchsimulator/lib/libcrypto.a and b/watchsimulator/lib/libcrypto.a differ
diff --git a/watchsimulator/lib/libssl.a b/watchsimulator/lib/libssl.a
index 73237ede..88816df9 100644
Binary files a/watchsimulator/lib/libssl.a and b/watchsimulator/lib/libssl.a differ